[pve-devel] iptables question
Alexandre DERUMIER
aderumier at odiso.com
Thu Feb 20 12:57:44 CET 2014
I really don't known.
I find the same question here :
http://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state
I look in openstack and cloudstack code, they are using -m state --state RELATED,ESTABLISHED
but it seem that
http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/45564
since iptables 1.4.16
-m state --state is deprecated, and we should use -m conntrack --ctstat
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Jeudi 20 Février 2014 12:30:18
Objet: iptables question
What is the difference between:
-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
and
-m state --state RELATED,ESTABLISHED -j ACCEPT
More information about the pve-devel
mailing list