state
This module, when combined with connection tracking, allows access to the connection tracking state for
this packet.
[!] --state state
Where state is a comma separated list of the connection states to match. Possible states are
INVALID meaning that the packet could not be identified for some reason which includes running out
of memory and ICMP errors which don't correspond to any known connection, ESTABLISHED meaning that
the packet is associated with a connection which has seen packets in both directions, NEW meaning
that the packet has started a new connection, or otherwise associated with a connection which has
not seen packets in both directions, and RELATED meaning that the packet is starting a new
connection, but is associated with an existing connection, such as an FTP data transfer, or an
ICMP error. UNTRACKED meaning that the packet is not tracked at all, which happens if you use the
NOTRACK target in raw table.
|
-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it. The target can
be a user-defined chain (other than the one this rule is in), one of the special builtin targets
which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this
option is omitted in a rule (and -g is not used), then matching the rule will have no effect on
the packet's fate, but the counters on the rule will be incremented.
|