I really don't know. I found the same question here: http://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state

I looked in the OpenStack and CloudStack code; they are using -m state --state RELATED,ESTABLISHED, but it seems from http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/45564 that since iptables 1.4.16 -m state --state is deprecated, and we should use -m conntrack --ctstate

----- Original Message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER ([email protected])" <[email protected]>
Cc: [email protected]
Sent: Thursday, 20 February 2014 12:30:18
Subject: iptables question

What is the difference between:

-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

and

-m state --state RELATED,ESTABLISHED -j ACCEPT

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
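
Added example, not part of the original mails and not code from Proxmox, OpenStack or CloudStack: a text filter that rewrites the legacy -m state --state match to -m conntrack --ctstate in a saved ruleset, so a rules file can be migrated and diffed before it is loaded. It assumes iptables-save style input; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: migrate "-m state --state" to "-m conntrack --ctstate"
# in iptables-save formatted text. Pure text processing; it never touches
# the live ruleset, so the result can be reviewed before iptables-restore.

# migrate_state_rules: filter, stdin -> stdout.
# Handles the plain form and the negated form ("-m state ! --state NEW").
# Lines that already use conntrack are left unchanged.
migrate_state_rules() {
    sed -E 's/-m state (! )?--state ([A-Z,]+)/-m conntrack \1--ctstate \2/g'
}

# count_legacy_rules: print how many lines on stdin still use the state match.
# grep -c exits non-zero when the count is 0, hence the "|| true".
count_legacy_rules() {
    grep -c -E -- '-m state( !)? --state ' || true
}

# Constructed sample ruleset (iptables-save format), not from a real host.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state ! --state NEW -p tcp --dport 22 -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m comment --comment "old -m state rule" -j ACCEPT
COMMIT'

# Show the migrated ruleset when the script is run directly.
printf '%s\n' "$SAMPLE_RULES" | migrate_state_rules
```

On a real host the input would come from iptables-save; comparing count_legacy_rules before and after confirms that no legacy match was missed.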
