> Does it mean that connection tracking is valid when I use "-m state > --state" or not?
Yes - AFAIK, connection tracking is active whenever the ip_conntrack.o kernel module is loaded, regardless of whether you actually use the information it provides. If connection tracking is built into the kernel, then there's no way to deactivate it that I know if. If not, rmmod'ing ip_conntrack ought to do it. -EtherMage
