1.2.1. Procedure – Handling packet filtering services

  1. PNS generates a session ID and creates a CONNTRACK entry for the connection. This ID is based on all relevant information about the connection, including the protocol (TCP/UDP) and the client's address.

    The session ID uniquely identifies the connection and is included in every log message related to this particular connection.

  2. Based on the parameters of the connection, the Rule selects the service that will inspect the connection.

  3. The Router defined in the service determines the destination address of the server.

    The Router performs the following actions:

    • Determines the destination address of the server.

    • Sets the source address of the server-side connection, according to the forge_address settings of the router.

  4. If the client is permitted to access the selected service, the packet filter is instructed to let the connection pass PNS.

  5. Network address translation (NAT) on the connection is also performed by the packet filter, if needed.