* simple question about state vs conntrack modules
@ 2009-10-21 21:59 Leonardo Rodrigues
2009-10-22 19:17 ` Jozsef Kadlecsik
0 siblings, 1 reply; 3+ messages in thread
From: Leonardo Rodrigues @ 2009-10-21 21:59 UTC (permalink / raw)
To: ML netfilter
recently i have read a nice documentation with some hints for making
good rulesets .... and one caught my attention
http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf
Towards the perfect ruleset
Jan Engelhardt
August 2009
5 Modern extensions
De-facto obsolete extensions:
* -m state: replaced by -m conntrack
i must confess i dont recall reading about state module being
obsoleted by conntrack one ..... is that true ??? I know conntrack has
more options .... but that it obsoleted state, that i dont remember ....
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: simple question about state vs conntrack modules
2009-10-21 21:59 simple question about state vs conntrack modules Leonardo Rodrigues
@ 2009-10-22 19:17 ` Jozsef Kadlecsik
2009-10-23 16:36 ` Leonardo Rodrigues
0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2009-10-22 19:17 UTC (permalink / raw)
To: Leonardo Rodrigues; +Cc: ML netfilter
On Wed, 21 Oct 2009, Leonardo Rodrigues wrote:
> recently i have read a nice documentation with some hints for making good
> rulesets .... and one caught my attention
>
> http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf
>
> Towards the perfect ruleset
> Jan Engelhardt
> August 2009
>
> 5 Modern extensions
> De-facto obsolete extensions:
> * -m state: replaced by -m conntrack
>
> i must confess i dont recall reading about state module being obsoleted by
> conntrack one ..... is that true ??? I know conntrack has more options ....
> but that it obsoleted state, that i dont remember ....
Technically the conntrack match supersedes - and so obsoletes - the state
match. But practically the state match is not obsoleted in any way.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: simple question about state vs conntrack modules
2009-10-22 19:17 ` Jozsef Kadlecsik
@ 2009-10-23 16:36 ` Leonardo Rodrigues
0 siblings, 0 replies; 3+ messages in thread
From: Leonardo Rodrigues @ 2009-10-23 16:36 UTC (permalink / raw)
To: ML netfilter
Jozsef Kadlecsik escreveu:
>> 5 Modern extensions
>> De-facto obsolete extensions:
>> * -m state: replaced by -m conntrack
>>
>> i must confess i dont recall reading about state module being obsoleted by
>> conntrack one ..... is that true ??? I know conntrack has more options ....
>> but that it obsoleted state, that i dont remember ....
>>
>
> Technically the conntrack match supersedes - and so obsoletes - the state
> match. But practically the state match is not obsoleted in any way.
>
That's exactly what i tought ..... conntrack can offer more options,
but saying state is obsolete means, at least to me, that it's support
and maintenance will be dropped soon and everybody HAVE TO stop using it
and using something else.
well, nice to know state is NOT obsolete the way i understand
something is obsoleted.
thanks for your answer
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-10-23 16:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-21 21:59 simple question about state vs conntrack modules Leonardo Rodrigues
2009-10-22 19:17 ` Jozsef Kadlecsik
2009-10-23 16:36 ` Leonardo Rodrigues
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox