If I am allowing no NEW connections from the outside except -all- ESTABLISHED, RELATED. Then I am doing connection tracking. right? So if I allow in the FORWARD chain, tcp 20 and 21 for Active FTP and 21 and 1025:65535 for Passive FTP, FROM INSIDE TO OUTSIDE, then I am doing connection tracking on FTP. Right. SO why need ip_conntrack_ftp? What additional does it do? My question is does overall connection tracking supercede ftp connection tracking? ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html