On Thu, Jun 19, 2003 at 10:08:54AM +0200, Pascal Italiaander wrote:
> On Thursday 19 June 2003 06:02, Ramin Dousti wrote:
> > On Thu, Jun 19, 2003 at 02:01:21AM +0200, Pascal Italiaander wrote:
> > > small errors were in it, fixed:
> > >
> > > iptables -I INPUT -p all -m mac --mac-source 10:20:30:40:05:06 -m \
> > > state --state NEW -j ACCEPT
> > > iptables -I OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > Just a performance note. Since a high percentage of the packets are
> > ESTABLISHED,RELATED it is recommended to have this rule at the
> > beginning of the rule set prior to any other rule and also "-p all"
> > is redundant...
> >
> > Ramin
> >
> > > Pascal
> >
> huhum.... , did you notice the -I insert rule ?
>
> The -I rule means that the rule is placed at the beginning of the chain. :-)

Yes, sorry. I'm used to -A... which gives you a chronological order of
the rule setup. With -I you have to read the rules in the reverse order ;-)

Ramin

>
> Pascal
>
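
Added example, not part of the original thread: a small shell model of one chain showing how a setup script written top-down with -I ends up in reverse order, while the same commands with -A keep their written order. No real iptables is called; the function names, the port 23 rule and the use of a single chain for all three rules are assumptions made for illustration.

```shell
#!/bin/sh
# Model of one iptables chain as a newline-separated list; line 1 is matched first.
# Constructed for illustration: no real iptables is called, so no root is needed.
CHAIN=""

append_rule() {   # models: iptables -A <chain> <rule>  (goes to the end)
    if [ -z "$CHAIN" ]; then CHAIN="$1"; else CHAIN="$CHAIN
$1"; fi
}

insert_rule() {   # models: iptables -I <chain> [rulenum] <rule>  (rulenum defaults to 1)
    pos="$1"; rule="$2"
    CHAIN=$(printf '%s\n' "$CHAIN" | awk -v pos="$pos" -v rule="$rule" '
        NR == pos  { print rule; placed = 1 }
        length($0) { print }
        END        { if (!placed) print rule }')
}

position_of() {   # prints the 1-based position of the first rule containing $1
    printf '%s\n' "$CHAIN" | awk -v pat="$1" 'index($0, pat) { print NR; exit }'
}

show_chain() { printf '%s\n' "$CHAIN" | awk '{ print "  " NR ": " $0 }'; }

# Hypothetical rule bodies (the MAC rule is the one quoted in the thread).
R_EST="-m state --state ESTABLISHED,RELATED -j ACCEPT"
R_MAC="-m mac --mac-source 10:20:30:40:05:06 -m state --state NEW -j ACCEPT"
R_DROP="-p tcp --dport 23 -j DROP"

# Script written top-down with -I: each command lands at position 1.
CHAIN=""
insert_rule 1 "$R_EST"
insert_rule 1 "$R_MAC"
insert_rule 1 "$R_DROP"
echo "written with -I:"; show_chain
WITH_INSERT=$(position_of "ESTABLISHED")   # 3: the first command ends up last

# Same commands with -A: the chain reads in the order it was written.
CHAIN=""
append_rule "$R_EST"
append_rule "$R_MAC"
append_rule "$R_DROP"
echo "written with -A:"; show_chain
WITH_APPEND=$(position_of "ESTABLISHED")   # 1: stays at the top of the chain
```

On a live system, `iptables -L <chain> --line-numbers` shows the resulting positions directly.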