The connection list monitors the source address, destination address, protocol, source port, destination port, etc. of a connection, along with any actions that may be executed. This list is sorted by the source address, destination address, protocol, source port and destination port of the packet that caused the entry in the list.
Under WEBconfig the filter list is structured as follows:
The list contains the following elements:
Element | Meaning |
---|---|
Src address | Source address of the connection |
Dst address | Destination address of the connection |
Prot. | Protocol used (TCP/UDP, etc.), shown as a decimal |
Src port | Source port of the connection. The port is only shown for port-related protocols (TCP/UDP) or protocols that have a comparable field (ICMP/GRE) |
Dst port | Destination port of the connection (in the case of UDP connections, this contains the first answer only) |
Timeout | Each entry ages out of this list over time, which prevents the list from overflowing with "dead" connections. |
Flags | The flags store information on the connection state and other (internal) information in a bit field. The states can have the following values: new, establish, open, closing, closed, rejected (corresponding to the TCP flags SYN, SYN ACK, ACK, FIN, FIN ACK and RST). UDP connections know the states open and closing (the latter only if the UDP connection is linked by a stateful control channel). |
Src route | Name of the remote site from which the first packet was received. |
Dst route | Name of the remote site to which the first packet is sent. |
Filter rule | Name of the rule that created the entry. It also determines the actions to take when a matching packet is received. |
Meaning of the flags in the connection list
Flag | Meaning |
---|---|
00000001 | TCP: SYN sent |
00000002 | TCP: SYN/ACK received |
00000004 | TCP: Waiting for ACK from server |
00000008 | All: Connection open |
00000010 | TCP: FIN received |
00000020 | TCP: FIN sent |
00000040 | TCP: RST sent or received |
00000080 | TCP: Session being restored |
00000100 | FTP: Passive FTP connection being established |
00000400 | H.323: Related T.120 connection |
00000800 | Connection via loopback interface |
00001000 | Checking linked rules |
00002000 | Rule is linked |
00010000 | Destination is on "local route" |
00020000 | Destination is on default route |
00040000 | Destination is on VPN route |
00080000 | No physical connection established |
00100000 | Source is on default route |
00200000 | Source is on VPN route |
00800000 | No route to destination |
01000000 | Contains global action with condition |
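
The following added example (not vendor code) decodes a combined Flags value into the meanings from the table above and reports any bits the table does not document. It assumes the Flags column is an 8-digit hexadecimal bit field; the function names `decode_flags` and `select` and the sample rows are constructed for illustration.

```python
# Added example, not vendor code. Assumption: the Flags column is an
# 8-digit hexadecimal bit field, as the values in the table suggest.
FLAGS = {
    0x00000001: "TCP: SYN sent",
    0x00000002: "TCP: SYN/ACK received",
    0x00000004: "TCP: Waiting for ACK from server",
    0x00000008: "All: Connection open",
    0x00000010: "TCP: FIN received",
    0x00000020: "TCP: FIN sent",
    0x00000040: "TCP: RST sent or received",
    0x00000080: "TCP: Session being restored",
    0x00000100: "FTP: Passive FTP connection being established",
    0x00000400: "H.323: Related T.120 connection",
    0x00000800: "Connection via loopback interface",
    0x00001000: "Checking linked rules",
    0x00002000: "Rule is linked",
    0x00010000: 'Destination is on "local route"',
    0x00020000: "Destination is on default route",
    0x00040000: "Destination is on VPN route",
    0x00080000: "No physical connection established",
    0x00100000: "Source is on default route",
    0x00200000: "Source is on VPN route",
    0x00800000: "No route to destination",
    0x01000000: "Contains global action with condition",
}
KNOWN_MASK = sum(FLAGS)  # every documented bit is distinct, so sum == OR

def decode_flags(value):
    """Return (meanings, undocumented_bits) for a hex string or an int."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("flags must fit in 32 bits")
    meanings = [text for bit, text in sorted(FLAGS.items()) if value & bit]
    return meanings, value & ~KNOWN_MASK

def select(entries, mask):
    """Entries (dicts with a 'flags' hex string) with any bit of mask set."""
    return [e for e in entries if int(e["flags"], 16) & mask]

# Constructed sample rows (documentation addresses, not real device output).
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "flags": "00020008"},
    {"src": "192.0.2.11", "dst": "198.51.100.9", "flags": "00800041"},
    {"src": "192.0.2.12", "dst": "203.0.113.7", "flags": "00040208"},
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(row["flags"], *decode_flags(row["flags"]))
```

Calling `select(SAMPLE, 0x00800040)` returns only the entries marked with an RST or with no route to the destination, which is a quick way to pull reset or unroutable connections out of a long list.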