In reality, just to conserve rule scans and sanity, you want related, established rules to be at the TOP of the list ... once the conntrack has been accepted you don't want to have it fall through a list of rules.

On September 3, 2003 10:09 am, Stephan Kessler wrote:
> > I suspect your machine is warpy.yomeganet.biz. The last input
> > rule drops all incoming tcp-traffic. You are just accepting
> > traffic going to 22,80,21,20,etc. Since I do not actually
> > understand your ruleset, you just might want to insert the
> > following rule before this DROP rule
> > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> Thx, that's it!
>
> Greetings,
> Stephan

--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS
Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!
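
A check for the ordering discussed in this message, as an added example that is not part of the original thread: it reads an INPUT chain listing in the format `iptables -S` prints and reports where the RELATED,ESTABLISHED accept rule sits relative to the catch-all tcp DROP. The function names and the sample listing are constructed for illustration and are not the poster's ruleset.

```shell
#!/bin/sh
# Added example: audit INPUT chain order from `iptables -S` style text.

# Constructed sample listing (hypothetical): per-port accepts first,
# state rule placed just before the final tcp DROP.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -j DROP
EOF
}

# check_input_order: reads rules on stdin and prints one verdict.
#   OK        state rule is the first INPUT rule
#   LATE      state rule precedes the DROP but other rules are scanned first
#   SHADOWED  state rule follows the DROP, so tcp replies never reach it
#   MISSING   no RELATED,ESTABLISHED accept rule in INPUT
check_input_order() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      n++                                   # 1-based position in the chain
      # Match both "-m state --state" and "-m conntrack --ctstate".
      if (!st && /--(ct)?state/ && /ESTABLISHED/ && /-j ACCEPT/) st = n
      if (!dr && /-p tcp -j DROP/) dr = n   # first unconditional tcp DROP
    }
    END {
      if (!st)                 print "MISSING"
      else if (dr && st > dr)  print "SHADOWED state=" st " drop=" dr
      else if (st > 1)         print "LATE state=" st
      else                     print "OK"
    }'
}

# Run against the constructed sample; prints: LATE state=5
sample_rules | check_input_order
```

On a live host the same function can be fed with `iptables -S INPUT | check_input_order`.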