Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 1 | This module, when combined with connection tracking, allows access to |
| 2 | the connection tracking state for this packet. |
| 3 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 4 | [\fB!\fP] \fB\-\-state\fP \fIstate\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 5 | Where state is a comma separated list of the connection states to |
| 6 | match. Possible states are |
| 7 | .B INVALID |
| 8 | meaning that the packet could not be identified for some reason which |
| 9 | includes running out of memory and ICMP errors which don't correspond to any |
| 10 | known connection, |
| 11 | .B ESTABLISHED |
| 12 | meaning that the packet is associated with a connection which has seen |
| 13 | packets in both directions, |
| 14 | .B NEW |
| 15 | meaning that the packet has started a new connection, or otherwise |
| 16 | associated with a connection which has not seen packets in both |
| 17 | directions, and |
| 18 | .B RELATED |
| 19 | meaning that the packet is starting a new connection, but is |
| 20 | associated with an existing connection, such as an FTP data transfer, |
| 21 | or an ICMP error. |
Simon Lodal | afbac0d | 2010-05-10 01:02:21 +0200 | [diff] [blame] | 22 | .B UNTRACKED |
| 23 | meaning that the packet is not tracked at all, which happens if you use |
| 24 | the NOTRACK target in raw table. |