On Thu, 2003-08-14 at 14:59, Wallwork, Nathan wrote:
> On 14 Aug 2003, Stephen J. McCracken wrote:
> > Subject: Can someone please explain to a newbie?
> >
> > one gets many of the following logged to the syslog while the other
> > very few:
>
> Have you reloaded the rules on webfilter2 since the last rules change?

yes.

> > Aug 11 13:57:10 webfilter2 kernel: giptables-end-of-firewall: IN=
> > OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 TOS=0x00 PREC=0x00
> > TTL=64 ID=33149 DF PROTO=TCP SPT=8080 DPT=1100 WINDOW=5840 RES=0x00 ACK
> > FIN URGP=0
> >
> > But I have the following rules generated by giptables:
> >
> > iptables -A interface0_out -p tcp -s 10.129.130.5 --sport 8080 -d
> > 10.129.184.0/23 --dport 1024:65535 -m state --state ESTABLISHED -j
> > ACCEPT
>
> It looks like this should match, assuming the ESTABLISHED part matches.

That's what I thought. What defines "ESTABLISHED"?

> Consider setting up a copy of that rule without the --state ESTABLISHED,
> place that right below, and see if it catches any packets.

The problem is that, being a newbie, I use giptables to set up the iptables rules and I'm not sure where to do this. Also, I would like to understand the "why" and not just get around it, especially as one box, using the same ruleset, hardly gets any of these while the other gets quite a few.
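The question "what defines ESTABLISHED?" is answered by connection tracking, not by the TCP flags on the packet: the state match asks whether the conntrack table currently holds an entry for the packet's flow and whether the reverse direction has already been seen. A FIN/ACK that arrives after the entry has timed out, or that belongs to a connection which predates tracking, has no entry, so it is classified NEW (or INVALID, depending on whether mid-stream pickup is allowed) and falls through to the end-of-firewall LOG rule. The following is an added example, not code from the thread or from giptables: a deliberately simplified stand-in for the kernel's TCP conntrack table (one idle timeout, no window tracking) fed a constructed packet trace in iptables LOG format, with the thread's `interface0_out` rule evaluated against each outbound packet. The function names, the `loose` switch (modelled on the real `nf_conntrack_tcp_loose` sysctl) and the 120-second timeout are assumptions chosen for illustration; real netfilter uses separate, much shorter timeouts for the closing states than for ESTABLISHED.

```python
"""Toy model of why a packet can fail '-m state --state ESTABLISHED'.

Added example, not from the original thread. A packet is ESTABLISHED only
if conntrack already holds an entry for its flow and has seen a reply in
the reverse direction; with no entry it is NEW or INVALID, never ESTABLISHED.
"""
import ipaddress

# Bare tokens in an iptables LOG line that carry no '=' (TCP flags, DF bit).
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF", "CWR", "ECE"}


def parse_iptables_log(line):
    """Turn the key=value tail of an iptables LOG line into a dict.
    Flag tokens become booleans; syslog prefix words are ignored."""
    rec = {}
    for tok in line.split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            rec[k] = v
        elif tok in FLAG_TOKENS:
            rec[tok] = True
    rec["SPT"] = int(rec.get("SPT", 0))
    rec["DPT"] = int(rec.get("DPT", 0))
    return rec


class Conntrack:
    """Simplified stand-in for the kernel TCP conntrack table (assumption:
    a single idle timeout instead of per-state timeouts, no window tracking)."""

    def __init__(self, idle_timeout=120, loose=True):
        self.idle_timeout = idle_timeout
        self.loose = loose      # like nf_conntrack_tcp_loose: allow mid-stream pickup
        self.table = {}         # flow key -> entry

    @staticmethod
    def _key(p):
        # Same key for both directions of the flow.
        return frozenset([(p["SRC"], p["SPT"]), (p["DST"], p["DPT"])])

    def state(self, p, now):
        key = self._key(p)
        ent = self.table.get(key)
        if ent and now - ent["last"] > self.idle_timeout:
            del self.table[key]  # entry expired: the flow is untracked again
            ent = None
        if ent is None:
            if not p.get("SYN") and not self.loose:
                return "INVALID"  # non-SYN packet, no entry, pickup disabled
            # First packet seen defines the 'original' direction of the entry.
            self.table[key] = {"orig": (p["SRC"], p["SPT"]), "replied": False, "last": now}
            return "NEW"
        ent["last"] = now
        if (p["SRC"], p["SPT"]) != ent["orig"]:
            ent["replied"] = True  # reply seen: from here on the flow is ESTABLISHED
        if p.get("RST"):
            del self.table[key]    # RST tears the entry down
        return "ESTABLISHED" if ent["replied"] else "NEW"


CLIENTS = ipaddress.ip_network("10.129.184.0/23")


def interface0_out_verdict(p, ct, now, require_established=True):
    """The thread's rule (proxy replies from port 8080 to the client /23),
    followed by the giptables end-of-firewall LOG. require_established=False
    models the stateless copy of the rule suggested in the thread."""
    state = ct.state(p, now)
    matches = (p.get("PROTO") == "TCP" and p["SRC"] == "10.129.130.5"
               and p["SPT"] == 8080 and ipaddress.ip_address(p["DST"]) in CLIENTS
               and 1024 <= p["DPT"] <= 65535)
    if matches and (state == "ESTABLISHED" or not require_established):
        return state, "ACCEPT"
    return state, "LOG giptables-end-of-firewall"


# Constructed packet trace (seconds, LOG-format line); not real traffic.
# Inbound lines are the client's, outbound ones come from the proxy on 8080.
TRACE = [
    (0.0, "IN=eth0 OUT= SRC=10.129.184.28 DST=10.129.130.5 LEN=60 PROTO=TCP SPT=1100 DPT=8080 SYN URGP=0"),
    (0.1, "IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=60 PROTO=TCP SPT=8080 DPT=1100 ACK SYN URGP=0"),
    (0.2, "IN=eth0 OUT= SRC=10.129.184.28 DST=10.129.130.5 LEN=52 PROTO=TCP SPT=1100 DPT=8080 ACK URGP=0"),
    (0.3, "IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=1500 PROTO=TCP SPT=8080 DPT=1100 ACK PSH URGP=0"),
    # Late FIN/ACK, the packet shape from the thread: the entry has expired by now.
    (300.0, "IN= OUT=eth0 SRC=10.129.130.5 DST=10.129.184.28 LEN=40 PROTO=TCP SPT=8080 DPT=1100 ACK FIN URGP=0"),
]


def run_trace(trace, idle_timeout=120, loose=True, require_established=True):
    """Replay the trace; return (time, state, verdict) for each outbound packet."""
    ct = Conntrack(idle_timeout, loose)
    verdicts = []
    for t, line in trace:
        p = parse_iptables_log(line)
        if p["OUT"]:     # outbound: the interface0_out chain sees it
            verdicts.append((t,) + interface0_out_verdict(p, ct, t, require_established))
        else:            # inbound: only conntrack is updated in this model
            ct.state(p, t)
    return verdicts


if __name__ == "__main__":
    for row in run_trace(TRACE):
        print(row)
```

With the 120-second model timeout the SYN/ACK and the data packet are ESTABLISHED and accepted, while the FIN/ACK sent 300 seconds later finds no entry and is logged as NEW; raising `idle_timeout` above the gap, or dropping `require_established`, makes the same packet pass, which is exactly the diagnostic the stateless copy of the rule would give on the real box.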