If these rules appeared in that order in the same set of rules, the second rule wouldn't be hit because the first one is already accepting all the NEW,ESTABLISHED,RELATED traffic regardless of protocol and port. So, as other listers have pointed out, the rules are not the same. If they appeared together though, since the first one is more general, it will match the traffic the second rule was designed to match.

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Mike
> Sent: Thursday, January 16, 2003 9:30 AM
> To: netfilter@lists.netfilter.org
> Subject: rule check
>
>
> Are these two rules essentially the same?
>
> Thanks,
> Mike
>
> iptables -A FORWARD -i eth2 -o eth0 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A FORWARD -i eth2 -o eth0 -p tcp --dport 2000:2050 -m
> state --state NEW,ESTABLISHED,RELATED -j ACCEPT
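The first-match behaviour described in the reply can be made concrete with a small model of chain evaluation. The following is an added example, not code from the thread or from the netfilter project: it encodes the two posted FORWARD rules as data, pushes a constructed set of packets through them in both orders, and reports the per-rule packet counters you would otherwise read from the pkts column of `iptables -L FORWARD -v -n`. The `Packet`/`Rule` classes, the `shadows()` helper and the sample traffic are all assumptions of this example; the model only covers `-i`, `-o`, `-p`, `--dport` and `-m state`, with no chain jumps or RETURN.

```python
"""Model of iptables first-match evaluation for the two FORWARD rules in the thread.
Added example; the classes, helpers and sample packets are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    in_iface: str
    out_iface: str
    proto: str            # "tcp", "udp", "icmp", ...
    dport: Optional[int]  # None for protocols without ports
    state: str            # conntrack state: NEW, ESTABLISHED, RELATED, INVALID


@dataclass
class Rule:
    name: str
    target: str
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[Tuple[int, int]] = None   # inclusive range, as in --dport lo:hi
    states: Optional[FrozenSet[str]] = None   # as in -m state --state A,B
    packets: int = 0                          # mirrors the pkts counter of iptables -L -v

    def matches(self, pkt: Packet) -> bool:
        """Every match that is set on the rule must hold; unset matches are wildcards."""
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        if self.out_iface is not None and pkt.out_iface != self.out_iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None:
            lo, hi = self.dport
            if pkt.dport is None or not lo <= pkt.dport <= hi:
                return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def general_rule() -> Rule:
    # iptables -A FORWARD -i eth2 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    return Rule("general", "ACCEPT", in_iface="eth2", out_iface="eth0",
                states=frozenset({"NEW", "ESTABLISHED", "RELATED"}))


def specific_rule() -> Rule:
    # iptables -A FORWARD -i eth2 -o eth0 -p tcp --dport 2000:2050 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    return Rule("tcp-2000-2050", "ACCEPT", in_iface="eth2", out_iface="eth0",
                proto="tcp", dport=(2000, 2050),
                states=frozenset({"NEW", "ESTABLISHED", "RELATED"}))


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[Optional[str], str]:
    """Walk the chain top to bottom; the first matching rule decides (ACCEPT/DROP are terminating)."""
    for rule in chain:
        if rule.matches(pkt):
            rule.packets += 1
            return rule.name, rule.target
    return None, policy  # nothing matched: the chain policy applies


# Constructed traffic, all forwarded eth2 -> eth0.
SAMPLE_TRAFFIC = [
    Packet("eth2", "eth0", "tcp", 2010, "NEW"),
    Packet("eth2", "eth0", "tcp", 2050, "ESTABLISHED"),
    Packet("eth2", "eth0", "udp", 53, "NEW"),
    Packet("eth2", "eth0", "tcp", 22, "RELATED"),
    Packet("eth2", "eth0", "tcp", 2010, "INVALID"),   # matches neither rule's --state list
]


def run_chain(chain: List[Rule]) -> Dict[str, int]:
    """Push the sample traffic through the chain and return each rule's packet counter."""
    for pkt in SAMPLE_TRAFFIC:
        evaluate(chain, pkt)
    return {rule.name: rule.packets for rule in chain}


def shadows(first: Rule, second: Rule) -> bool:
    """True if every packet matching `second` also matches `first`, i.e. `second`
    can never be hit when it sits after `first` in the same chain."""
    for attr in ("in_iface", "out_iface", "proto"):
        f, s = getattr(first, attr), getattr(second, attr)
        if f is not None and f != s:
            return False
    if first.dport is not None:
        if second.dport is None:
            return False
        if not (first.dport[0] <= second.dport[0] and second.dport[1] <= first.dport[1]):
            return False
    if first.states is not None:
        if second.states is None or not second.states <= first.states:
            return False
    return True


if __name__ == "__main__":
    print("order as posted:", run_chain([general_rule(), specific_rule()]))
    print("specific rule first:", run_chain([specific_rule(), general_rule()]))
    print("second rule shadowed by first:", shadows(general_rule(), specific_rule()))
```

With the rules in the posted order the second rule's counter stays at zero for every sample packet, which is exactly what a zero pkts column on a live box tells you; with the specific rule first, only the UDP and port-22 packets fall through to the general one. `shadows()` is a structural version of the same check: it answers the ordering question without traffic, but only for the handful of matches modelled here.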