Dear Faheem,

I misunderstood the --syn flag, so your script is OK. Otherwise you could not receive any return packets. I confused it with using -m state ! --state INVALID, which means what I wrote before (all connections except invalid).

legar

On Sat, 13 Sep 2003 13:51:51 -0400 (EDT) Faheem Mitha <faheem@xxxxxxxxxxxxx> wrote:

> On Sat, 13 Sep 2003, Luis legar Garcia wrote:
>
> > Dear Faheem,
> >
> > As long as I understand the rule:
> >
> > iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
> >
> > it will reject ALL except INVALID, even 'Established' and 'Related' connections,
> > which you should always allow.
> > To avoid this I'd put just before it something like
> >
> > iptables -A RH-Lokkit-0-50-INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> >
> > and maybe the same rule but for UDP packets.
> > bye,
> > legar, from Argentina
>
> What kinds of problems could I expect to see if these 'Established'
> and 'Related' connections are not allowed? I have been using the rules
> I posted for some days now, and have seen no problems yet.
>
> Faheem.
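As an added illustration that is not part of the thread, the following Python model shows why the two posters end up agreeing: iptables' `--syn` only matches a bare SYN (ACK, RST and FIN clear), so replies to connections the host opened itself never hit the REJECT rule, while an inbound SYN that conntrack marks RELATED (an active-FTP data channel, with the FTP helper loaded) is the one case where putting the RELATED,ESTABLISHED ACCEPT first changes the verdict. The flag constants, rule dictionaries and sample packets are constructed here for the demonstration.

```python
# Added example (not from the thread): a small model of iptables' TCP "--syn"
# match and first-match chain evaluation.  Flag bits, rule dicts and packets
# are constructed for illustration only; conntrack states are labelled by hand.

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04

def matches_syn(flags):
    """iptables '--syn': SYN set and ACK, RST, FIN all clear (a new connection request)."""
    return bool(flags & SYN) and not (flags & (ACK | RST | FIN))

def evaluate(chain, packet, policy="ACCEPT"):
    """Walk rules in order; the first rule whose matches all hold decides the verdict."""
    for rule in chain:
        if rule.get("syn") is not None and matches_syn(packet["flags"]) != rule["syn"]:
            continue  # '--syn' (True) or '! --syn' (False) did not match
        if rule.get("states") and packet["state"] not in rule["states"]:
            continue  # '-m state --state ...' did not match
        return rule["target"]
    return policy

# Faheem's single rule, as quoted in the thread.
ORIGINAL = [{"syn": True, "target": "REJECT"}]
# legar's proposal: accept conntrack ESTABLISHED/RELATED before the REJECT.
WITH_STATE = [{"states": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"}] + ORIGINAL

# Constructed packets arriving on INPUT, with the state conntrack would assign.
PACKETS = {
    "inbound new connection (SYN)": {"flags": SYN, "state": "NEW"},
    "reply to our own connect (SYN/ACK)": {"flags": SYN | ACK, "state": "ESTABLISHED"},
    "data on existing connection (ACK)": {"flags": ACK, "state": "ESTABLISHED"},
    "active-FTP data channel (SYN, RELATED)": {"flags": SYN, "state": "RELATED"},
}

def verdicts(chain):
    """Verdict per sample packet for a given chain."""
    return {name: evaluate(chain, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL), ("with state rule", WITH_STATE)):
        print(label)
        for name, verdict in verdicts(chain).items():
            print(f"  {verdict:7} {name}")
```

Only the RELATED inbound SYN differs between the two chains; every reply to an outbound connection passes either way, which is why the original rules showed no visible problems.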