Hello All, Did any one tried using the conntrack match option? at the moment i am using -m state match option but as quted in the patch conntrack is the super set of state match. I tried the plain state matching option ie
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT. my understanding is, it should work just as -m state match support works. But moment i use this conntrack match support i lose the connection. Doing some tcpdump and going through the logs i found that firewall is dropping all of my reply packets which in theory should be part of established session. my question is did some one tried conntrack match support and if yes am i missing some thing here? Thanks Subodh Shrivastava __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards� http://movies.yahoo.com/
