Next in the listing, we see a reversal of the original source and destination address and port information to allow return traffic. Which tcp ports are being opened Ygrex: 08-06-2009 03:16 AM: mostly 80 was in use I cannot figure out the way, how such connections could be established. I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state. Suncoast: 08-04-2009 05:35 PM: Could be just hacker probes. How could they appear in the connection tracking list Thanks for any help, Igor. I am a using dd-wrt router and trying to get some per-user metrics, I was wondering about filtering only ESTABLISHED connections or include NEW and RELATED, I have read a lot about this last two, but I am still not sure about considering it part of used bandwidth. iptables -A OUTPUT -p tcp -m state -state NEW, ESTABLISHED -j ACCEPT. Because this is an initial connection (as demonstrated by the connection's TCP state), this line lists that IPTables sees this connection as UNREPLIED and hasn't increased its timeout value yet. All such entries are ESTABLISHED TCP and UNREPLIED.
0 kommentar(er)
