Hi
I have a very general question. I searched the forum and also read the wiki, but I didn’t find a straightforward answer.
In IP/Firewall/FilterRules, under the “connection-state” section, what is the relationship between those states? Is it “or” or “and”? In other words, is it “match all” or “match any”?
For example, these 2 lines are from the default config:
7 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
So, when will action=fasttrack-connection do its job? When a connection is established “and” related? Or would just one of them be enough to take action?
The trainer focussed on the term fasttrack, which was not the question. I don’t have a big problem with it, and he was unsure about his answer, as you can read.
Thanks to all of you, leoservices & sid5632 & msatter.
As you said, match any makes much more sense.
If there is no problem, I have another question about the firewall and I will ask it in this topic.
As I read the “default config” rules in “ip/firewall/filter”, there is no mention of allowing new connections (for example, from LAN interfaces to the WAN interface).
So a new connection passes through all of the defconfig rules and hits the end, then there is an implicit allow there. So this new connection will be allowed.
After that, if there was a reply and the connection state becomes “established”, this connection will be caught by the fasttrack rule in defconfig and the action that is defined there will be taken.
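
An added example, not part of the thread and not MikroTik code: a small Python model of the two points discussed above, that the values in one connection-state matcher are alternatives ("match any") and that a packet which reaches the end of a chain without matching any rule is accepted. The `drop` rule for `invalid`, the `IMPLICIT_ACCEPT` label and all function names are constructed for the illustration; the model only reports which rule matches first and does not model what RouterOS does with the packet afterwards.

```python
from dataclasses import dataclass

IMPLICIT_ACCEPT = "accept (end of chain, no rule matched)"  # label made up for this model


@dataclass(frozen=True)
class Rule:
    chain: str
    action: str
    connection_state: frozenset = frozenset()  # empty set = rule has no state condition

    def matches(self, chain, state):
        if chain != self.chain:
            return False
        # A packet carries exactly one connection state, so the listed values
        # can only be alternatives: the matcher hits if the state is ANY of them.
        return not self.connection_state or state in self.connection_state


def parse_rule(text):
    """Parse a 'key=value key=value' rule line as printed in the post."""
    props = dict(token.split("=", 1) for token in text.split())
    states = frozenset(filter(None, props.get("connection-state", "").split(",")))
    return Rule(props["chain"], props["action"], states)


def first_match(rules, chain, state):
    """Walk the chain top to bottom and return the action of the first matching rule."""
    for rule in rules:
        if rule.matches(chain, state):
            return rule.action
    return IMPLICIT_ACCEPT


RULES = [parse_rule(line) for line in (
    # Rule quoted in the question:
    "chain=forward action=fasttrack-connection connection-state=established,related",
    # Constructed second rule, only here to show a non-matching state falling through:
    "chain=forward action=drop connection-state=invalid",
)]


def trace(states, chain="forward"):
    """Map each connection state to the outcome of the modelled chain."""
    return {state: first_match(RULES, chain, state) for state in states}


if __name__ == "__main__":
    for state, outcome in trace(["new", "established", "related", "invalid"]).items():
        print(f"{state:12} -> {outcome}")
```
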