Please post this on the netfilter mailing list instead of here, as this is an iproute2 mailing list, not dedicated to iproute2. See more info at http://netfilter.samba.org

Use:

    iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport ! 22 -j DROP

/Patrik

-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of Paul Wouters
Sent: 28 February 2001 18:07
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] Another newbyish question I'm afraid, -m state --state matters

I'd like to be able to deny all new connections to a firewall, with the exception of port 22 (sshd) and some ports I'd like to forward internally. Now, there is this nice feature Rusty describes to do that:

    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

However, it seems I can't make a rule that is using the state AND a source/dest port in there. E.g. the following won't work:

    iptables -A INPUT -i eth0 -m state --state NEW,INVALID --dport 22 -j DROP
    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID --dport 25 -j ACCEPT
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

Anyone? :)

Paul

--
Just patent your virus and sue the anti-virus companies for reverse engineering it.
--- cne_pc@xxxxxxxxxxxxxxxxxxxxxxxxx, in response to Norton's patent on "software updates"

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/
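As an added example (not code from either message in the thread), here is a small POSIX shell script that makes the point of Patrik's reply checkable: the --dport/--sport options belong to the tcp/udp match modules, so a rule that uses them without "-p tcp" (or "-p udp") is rejected by iptables. The function and variable names (check_rule, build_rules, IPTABLES) are my own; the rules are printed rather than applied unless IPTABLES is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the original thread.
#  check_rule  - flags the mistake in the original post: --dport/--sport
#                used without a protocol match (-p tcp/udp or -m tcp/udp).
#  build_rules - prints a "drop all NEW except ssh" INPUT ruleset, using
#                $IPTABLES (default: "echo iptables") so it runs offline.

# check_rule "RULE" -> prints "ok" or "missing-proto"
check_rule() {
  case "$1" in
    *--dport*|*--sport*)
      case "$1" in
        *"-p tcp"*|*"-p udp"*|*"-m tcp"*|*"-m udp"*) echo ok ;;
        *) echo missing-proto ;;
      esac ;;
    *) echo ok ;;
  esac
}

# build_rules [IFACE] -> one iptables command per line (or applies them
# when IPTABLES=iptables is exported and the script runs as root)
build_rules() {
  ipt="${IPTABLES:-echo iptables}"
  ifc="${1:-eth0}"
  # Replies to connections the firewall already tracks are allowed through.
  $ipt -A INPUT -i "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # New ssh sessions are allowed; "-p tcp" is what makes --dport available.
  $ipt -A INPUT -i "$ifc" -p tcp -m state --state NEW --dport 22 -j ACCEPT
  # Anything else that is new, or not in the state table at all, is dropped.
  $ipt -A INPUT -i "$ifc" -m state --state NEW,INVALID -j DROP
}
```

Run it with no arguments to print the rules; the printed "iptables" lines all pass check_rule, while the --dport rules from the original post do not.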