On Sun, 2002-07-21 at 21:04, Patrick Schaaf wrote:
> > To my knowledge, the iptables connection tracking is interface
> > independent, it doesn't care which interfaces packets come and go on. No
> > information about interfaces is saved anywhere.
> > I'm not so familiar with the NAT code but I can't find anything relating
> > to interfaces there either.
>
> Strongly seconded. And I've been to my ears in the conntrack code, for the
> last few days. Nowhere do interfaces appear, except when specified explicitly
> by the admin in certain iptables rulesets.
And even then it's only used for the actual rule-lookup in the nat-table
that's only traversed by the first packet in a "connection"[1], it's
just so you can define different policies depending on which interface
the first packet goes out via. Nothing regarding interfaces is saved for
the "connection"[1] even when an interface has been specified in the
rule.
[1]: "connection", the state of a flow, not related to tcp states.
-- 
/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
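The behaviour described in this thread, as an added example that is not part of the original messages and is not netfilter code: a simplified Python model in which the nat table is consulted only for the first packet of a flow and the stored state carries no interface. The class names, interface names, rules and addresses are constructed for illustration, and only the original direction of a flow is modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowTuple:
    """Key of the flow state. Note that it has no interface field."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed nat-table rules: (out interface, or None for any; SNAT address)
NAT_RULES = [("eth0", "192.0.2.1"), ("eth1", "198.51.100.1")]

class Conntrack:
    def __init__(self, rules):
        self.rules = rules
        self.table = {}       # FlowTuple -> SNAT address, nothing about interfaces
        self.nat_lookups = 0  # how often the nat table was traversed

    def _nat_lookup(self, out_if):
        # The interface is used here, for rule matching, and nowhere else.
        self.nat_lookups += 1
        for rule_if, snat_to in self.rules:
            if rule_if is None or rule_if == out_if:
                return snat_to
        return None  # no rule matched: source address stays unchanged

    def postrouting(self, flow, out_if):
        """Return the source address the packet leaves with."""
        if flow not in self.table:
            # First packet of the "connection": traverse the nat table once.
            self.table[flow] = self._nat_lookup(out_if)
        mapped = self.table[flow]
        return mapped if mapped is not None else flow.src

def demo():
    ct = Conntrack(NAT_RULES)
    flow = FlowTuple("tcp", "10.0.0.5", 40000, "203.0.113.9", 443)
    first = ct.postrouting(flow, "eth0")
    # Routing changes mid-flow: later packets of the same flow leave via eth1.
    later = ct.postrouting(flow, "eth1")
    # A new flow leaving via eth1 is the first packet of its own connection.
    new_flow = FlowTuple("tcp", "10.0.0.5", 40001, "203.0.113.9", 443)
    other = ct.postrouting(new_flow, "eth1")
    return first, later, other, ct.nat_lookups

if __name__ == "__main__":
    print(demo())
```

In this model the existing flow keeps the mapping chosen on its first packet even after it starts leaving via `eth1`, so a per-interface NAT policy is only evaluated when a flow is created.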
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:25 CEST