Hello Henning,

Wednesday, July 23, 2003, 2:29:10 AM, you wrote:

Henning> On Wed, Jul 23, 2003 at 01:36:13AM -0300, Alejandro G. Belluscio wrote:
>> I concur, but at least in my mind it's easier to picture TCP states as
>> starting with a SYN/SYN+ACK/ACK.

Henning> that does not mean filtering based on flags explicitly is a good idea.

My understanding is that if I don't mind losing states after reboots or flushing of the state table, then it's not a bad idea either (i.e. just some unnecessary work for the rule matching code). Is there some other drawback?

--
Best regards,
Alejandro Belluscio