Hello,

I want all traffic on port 80 to be handled by a user-defined chain
"CH_WWW". Now my question: What is better, this way (I let the port 80
packets jump first, then I have _two_ ESTABLISHED,RELATED rules, in the
INPUT as well as in the CH_WWW chain):

********************************************************************
${IPT} -A INPUT -p tcp --dport 80 -j CH_WWW
${IPT} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[..]

And an extra ESTABLISHED,RELATED in the CH_WWW:

${IPT} -A CH_WWW -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPT} -A CH_WWW (first rule)
[..]
********************************************************************

or this (I have _one_ ESTABLISHED,RELATED rule, and then let port 80
jump):

********************************************************************
${IPT} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPT} -A INPUT -p tcp --dport 80 -j CH_WWW
[..]

And an extra ESTABLISHED,RELATED in the CH_WWW:

${IPT} -A CH_WWW (first rule)
[..]
********************************************************************

Both ways work, but I'd say the second way is the best. Am I right?

Richard.

-- 
___________________________________________________________________
Recursion: see recursion
+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
|    http://www.lucassen.org/mail-pubkey.html                      |
+------------------------------------------------------------------+
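
Added example, not part of the post above: a toy Python model of chain traversal that runs both rule layouts over constructed packets and reports the verdict and the number of rules evaluated. The CH_WWW body (accept NEW) and the final catch-all DROP are assumptions standing in for the elided "[..]" rules.

```python
# Toy model of netfilter rule traversal (constructed example, not real iptables).
def is_established(p):
    return p["state"] in ("ESTABLISHED", "RELATED")

def is_www(p):
    return p["proto"] == "tcp" and p["dport"] == 80

def always(p):
    return True

# Assumed stand-in for the elided "(first rule) [..]" in CH_WWW: accept NEW.
CH_WWW_REST = [(lambda p: p["state"] == "NEW", "ACCEPT")]

LAYOUT_1 = {  # jump first, state rule in both chains
    "INPUT": [(is_www, "CH_WWW"), (is_established, "ACCEPT"), (always, "DROP")],
    "CH_WWW": [(is_established, "ACCEPT")] + CH_WWW_REST,
}
LAYOUT_2 = {  # one state rule first, then the jump
    "INPUT": [(is_established, "ACCEPT"), (is_www, "CH_WWW"), (always, "DROP")],
    "CH_WWW": CH_WWW_REST,
}

def traverse(ruleset, packet, chain="INPUT"):
    """Return (verdict, rules_evaluated); verdict None means the chain fell through."""
    checked = 0
    for match, target in ruleset[chain]:
        checked += 1
        if not match(packet):
            continue
        if target in ("ACCEPT", "DROP"):
            return target, checked
        verdict, n = traverse(ruleset, packet, target)  # jump to user chain
        checked += n
        if verdict is not None:
            return verdict, checked
        # user chain ended without a verdict: continue in the calling chain
    return None, checked

PACKETS = {  # constructed sample packets
    "established www": {"proto": "tcp", "dport": 80, "state": "ESTABLISHED"},
    "established ssh": {"proto": "tcp", "dport": 22, "state": "ESTABLISHED"},
    "new www": {"proto": "tcp", "dport": 80, "state": "NEW"},
    "new ssh": {"proto": "tcp", "dport": 22, "state": "NEW"},
}

def compare():
    """Map packet name -> (layout 1 result, layout 2 result)."""
    return {n: (traverse(LAYOUT_1, p), traverse(LAYOUT_2, p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:16} layout1={a} layout2={b}")
```

Under these assumptions both layouts give the same verdicts; established packets are decided after one rule in the second layout and after two in the first.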