From mboxrd@z Thu Jan 1 00:00:00 1970
From: william fitzgerald
Subject: Query: conntrack versus state command set
Date: Mon, 28 Aug 2006 16:36:39 +0100
Message-ID: <44F30D87.1050901@tssg.org>
Reply-To: wfitzgerald@tssg.org
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: netfilter@lists.netfilter.org

Dear all,

I have begun my initial investigation into iptables from reading the 200+ page documentation by Oskar Andreasson along with the man pages.

My question: is the conntrack command set a replacement for the -m state commands, or is it an enhancement?

I am a little confused, as I see some examples on the web etc. that don't use conntrack at all and others that do, with the state options.

So is "conntrack" an add-on to the "state" option, or is it envisioned that "conntrack" will replace the "state" option?

In fact, can iptables provide stateful inspection with just the "state" command set?

Kind regards,
Will.

-- 
William M. Fitzgerald,
PhD Student,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083