How long is a connection apply for the mangle filter connection state = ´new´?
When first package passes through connection tracker, a connection is initiated, and mangle filter in prerouting gives this ´new´ connection a connection marker, then when in next filter in ´forward´chain filteres the package again to be given another connection marker, is this connection still to be considered ´new´?
It looks in this second instance my filter with conn. state ´new´ misses this connection now...
So what is exactly the difference in ´new´ and ´esthablished´? Is this something only the router decides? When a new src-IP+port<>dst-IP+port connection is made it is new, but for how long? Only the first byte? Or the first millisecond, the first second? Only the first time is passes A filter in the mangle? (What if it also passes /firewall/filter filter?)
When is new really new in this respect?