Subject: Re: ipf
To: Mikael Nyström <m.s.nystrom@comhem.se>
From: None <cube@cubidou.net>
List: netbsd-users
Date: 06/26/2003 09:49:33
On Thu, Jun 26, 2003 at 09:35:40AM +0200, Mikael Nyström wrote:
> Hi,
> I'm trying to write some rules for my firewall and have a question about
> keep state.
> I've got two interfaces on the machine. Are there two separate state
> tables or one "global" shared by the two interfaces?

The question is not relevant for two reasons:

o usually, you will write a stateful rule on a specific interface, whose
  name is kept in the dynamically created rules,

o if you write a stateful rule that can match several interfaces, it won't
  be the case for a single connection, since a matching packet can't go the
  same way (in or out) through both interfaces.

Anyway, you should avoid writing rules that may use several state entries
for a given connection.

Quentin Garnier.