Op donderdag 19 juni 2003 06:02, schreef Ramin Dousti: > On Thu, Jun 19, 2003 at 02:01:21AM +0200, Pascal Italiaander wrote: > > small errors were in it, fixed: > > > > iptables -I INPUT -p all -m mac --mac-source 10:20:30:40:05:06 -m \ > > state --state NEW -j ACCEPT > > iptables -I OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT > > Just a performance note. Since a high percentage of the packets are > ESTABLISHED,RELATED it is recommended to have this rule at the > beginning of the rule set prior to any other rule and also "-p all" > is redundant... > > Ramin > > > Pascal huhum.... , did you notice the -I insert rule ? The -I rule means that the rule is placed at the beginning of the chain. :-) Pascal
