On Monday 03 July 2006 18:52, martin f krafft wrote:
> I was surprised today to find an SSH connection from my LAN to the
> 'Net surviving a power cycle of my router -- a laptop running sarge
> with kernel 2.6 and iptables.
>
> I have the following two rules first thing in the FORWARD chain:
>
>   -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>   -A FORWARD -m conntrack --ctstate INVALID -j DROP
>
> to me, this means that SYN packets may pass to the actual rules, and
> packets belonging to a connection known to the router are accepted.
> During the reboot, the router surely forgot about the existing
> connections, so why can the SSH connection persist? Is there some
> Linux magic going on?

Since I have experienced something similar, I add to the question: My ssh connections survived for some minutes if I dis-connected/reconnected with my old dialup days. It obviously changed IP address. How is that possible?