Well the state of anything is dependent on
what has already happened. So in this context
it means that iptables decides what to do with a
packet by looking at the packet (like ipchains)
but also by looking at (the consequence of) all
previous packets associated with the same "connection".
For e.g. you can block ping responses that have
no corresponding ping request.
More details here:
http://www.cs.princeton.edu/~jns/security/iptables/iptables_conntrack.html
Padraig.
hrishy wrote:
> what is meant by state of a connection ?
>>> --- Padraig Brady <padraig at antefacto.com> wrote: >
> Barry O'Donovan wrote:
>>>>Is there a significant difference? Which is
>>>>better?
>>>>The fundamental difference is that iptables tracks
>>the state of connections which gives you more
>>control, whereas ipchains just looks at each packet
>>individually.
>>>>Padraig.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
