On Thu, Jun 19, 2003 at 02:01:21AM +0200, Pascal Italiaander wrote: > small errors were in it, fixed: > > iptables -I INPUT -p all -m mac --mac-source 10:20:30:40:05:06 -m \ > state --state NEW -j ACCEPT > iptables -I OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT Just a performance note. Since a high percentage of the packets are ESTABLISHED,RELATED it is recommended to have this rule at the beginning of the rule set prior to any other rule and also "-p all" is redundant... Ramin > Pascal
