connection-state (estabilished | invalid | new | related | untracked)

Interprets the connection tracking analysis data for a particular packet:

• established – a packet which belongs to an existing connection
• invalid – a packet that does not have determined (مشخص) state in connection tracking (usually – severe out-of-order packets, packets with wrong sequence/ack number, or in case of resource over usage on router), for this reason invalid packet will not participate (شرکت کردن) in NAT (as only connection-state=new packets do), and will still contain (حاوی) original source IP address when routed. We strongly suggest to drop all connection-state=invalid packets in firewall filter forward and input chains
• new – the packet has started a new connection, or otherwise associated (در غیر این صورت مرتبط است با) with a connection which has not seen packets in both directions.
• related – a packet which is related to, but not part of an existing connection, such as ICMP errors or a packet which begins FTP data connection
• untracked – packet which was set to bypass connection tracking in firewall RAW tables.