is there a way to discriminate the ESTABLISHED traffic?

> other device.  I believe that once the traffic flow is being managed by
> connection tracking, the packets never traverse the filter table.  Thus,
> you cannot them there.

s/filter/nat/, but there is no NAT involved in the question.

