On Fri 28/03/2003 at 11:59, Vincent Lim wrote:
> So, initially... the replying packets need to match the ESTABLISHED?
> (I'm asking this because Budai's initial rules only had RELATED and his
> ftp wasn't working)
> Then after establishing the RELATED ftp-data, subsequent packets match
> the ESTABLISHED again?

You have two connections:
	ftp
	ftp-data

First ftp connection packet is NEW, others are ESTABLISHED. Then, a
ftp-data connection is built. First ftp-data connection packet is
RELATED, others are ESTABLISHED.

Problem with Budai's ruleset is that it does not accept ESTABLISHED
packets in FORWARD chain, as you told him at first with the rule that
fixes the issue.

-- 
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
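
The state sequence described in the message above, as an added example that is not part of the original post: a simplified Python model (not netfilter code) that labels a constructed FTP trace and compares a FORWARD chain accepting only RELATED with one that also accepts ESTABLISHED. The active-mode trace, the assumed rule letting NEW packets open the ftp connection, and all names are constructed for illustration.

```python
# Simplified model of the conntrack states described above; not netfilter code.
# Constructed trace of one active-mode FTP session: (connection, packet).
TRACE = [
    ("ftp", "client SYN to port 21"),
    ("ftp", "server SYN/ACK"),
    ("ftp", "client ACK, login, PORT command"),
    ("ftp-data", "server SYN to the announced port"),
    ("ftp-data", "client SYN/ACK"),
    ("ftp-data", "server file data"),
    ("ftp", "server 226 Transfer complete"),
]

def classify(trace):
    """Label each packet: first ftp packet NEW, first ftp-data packet
    RELATED (it was announced on the ftp connection), the rest ESTABLISHED."""
    seen, labelled = set(), []
    for conn, packet in trace:
        if conn in seen:
            state = "ESTABLISHED"
        elif conn == "ftp-data" and "ftp" in seen:
            state = "RELATED"
        else:
            state = "NEW"
        seen.add(conn)
        labelled.append((conn, packet, state))
    return labelled

def dropped(trace, accepted_states, new_allowed=("ftp",)):
    """Packets a FORWARD chain with policy DROP would discard.
    accepted_states models one '-m state --state ... -j ACCEPT' rule;
    new_allowed is an assumed rule letting NEW packets open the ftp connection.
    Each packet is judged on its own; on a real firewall the session would
    stall at the first dropped packet."""
    out = []
    for conn, packet, state in classify(trace):
        opens = state == "NEW" and conn in new_allowed
        if state not in accepted_states and not opens:
            out.append((conn, packet, state))
    return out

RELATED_ONLY = {"RELATED"}            # the failing case discussed in the thread
FIXED = {"ESTABLISHED", "RELATED"}    # ESTABLISHED also accepted in FORWARD

if __name__ == "__main__":
    for name, states in (("RELATED only", RELATED_ONLY), ("fixed", FIXED)):
        print(name)
        for conn, packet, state in dropped(TRACE, states):
            print(f"  DROP {state:<11} {conn:<8} {packet}")
```

With only RELATED accepted, every packet after the first one of each connection is discarded, which is why the session fails before any data connection is attempted.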