strange MS visits

Anthony de Boer adb-tlug-AbAJl/g/NLXk1uMJSBkQmQ at public.gmane.org
Tue Dec 7 04:42:55 UTC 2004


Henry Spencer wrote:
> On Thu, 2 Dec 2004, William Park wrote:
> > Once I accept the packet with SYN bit set, doesn't iptables consider any
> > subsequent packets ESTABLISHED or RELATED (otherwise, previously
> > "seen")?  Or, is iptables smart enough to know that remote is requesting
> > TCP connection which is in the middle of being established?
> 
> It's been a long time since I looked at setting this up with iptables...

You don't have to use the connection-tracking stuff with iptables; you
can build a traditional stateless ruleset with it just as well.

If one is building really big Linux routers, one finds that the
connection-tracking table can get unreasonably large, and a configuration
that doesn't pull it in can be better.  However, in most cases it is
useful (and note that NAT is built on it, too).

-- 
Anthony de Boer
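
Added example, not part of the message above: a simplified Python model of the two approaches discussed in this thread, a stateless ruleset that matches only on the SYN flag versus one that keeps a connection table. The addresses, port 22 and the rule shapes quoted in the docstrings are assumptions for illustration, and the model is not the kernel's actual state machine.

```python
from collections import namedtuple

# Constructed packet model: only the fields these rules inspect (inbound TCP).
Pkt = namedtuple("Pkt", "src sport dst dport syn ack")
SERVER, PORT = "192.0.2.10", 22  # assumed: documentation address, one allowed service


def is_bare_syn(p):
    return p.syn and not p.ack  # simplified form of what iptables --syn matches


def stateless_accept(p):
    """Like: -p tcp --dport 22 --syn -j ACCEPT ; -p tcp ! --syn -j ACCEPT."""
    if p.dst == SERVER and p.dport == PORT and is_bare_syn(p):
        return True            # connection attempt to the allowed service
    return not is_bare_syn(p)  # every non-SYN packet passes, no memory of flows


class StatefulFilter:
    """Like: --dport 22 --syn -m state --state NEW -j ACCEPT ;
             -m state --state ESTABLISHED -j ACCEPT."""

    def __init__(self):
        self.table = set()     # one entry per tracked flow; grows with traffic

    def accept(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.table:
            return True        # ESTABLISHED: this flow's SYN was accepted earlier
        if p.dst == SERVER and p.dport == PORT and is_bare_syn(p):
            self.table.add(flow)   # NEW: remember the flow for later packets
            return True
        return False           # no table entry and not an allowed SYN


def compare(packets):
    """Return [(stateless, stateful), ...] verdicts and the final table size."""
    fw = StatefulFilter()
    return [(stateless_accept(p), fw.accept(p)) for p in packets], len(fw.table)


SAMPLE = [  # constructed packets
    Pkt("198.51.100.7", 40000, SERVER, PORT, syn=True, ack=False),  # handshake SYN
    Pkt("198.51.100.7", 40000, SERVER, PORT, syn=False, ack=True),  # same flow, later
    Pkt("203.0.113.9", 41000, SERVER, PORT, syn=False, ack=True),   # no SYN seen first
    Pkt("203.0.113.9", 41001, SERVER, 25, syn=True, ack=False),     # SYN to other port
]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

In the sample, the third packet (an ACK with no earlier SYN) passes the stateless rules but not the stateful ones, while the stateful filter pays for that with one table entry per accepted flow.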