> In other words putting "accept from anywhere -m --state
> ESTABLISHED,RELATED" on each of the default chains allows any
> traffic that's related to an existing permitted connection.
> Should that be at the top [first rule match wins?] of each table?

Well, only the initial request is handled by each specific rule, the rest is handled by RELATED,ESTABLISHED. So yes: I'd put it (almost) on top for performance reasons. You could however put some filtering rules that you want/need in front of it.

Gr,
Rob
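
The placement discussed in this message can be checked on a saved ruleset. The following is an added example, not part of the original thread: a shell/awk check that reads `iptables-save`-style text and reports, per chain, the position of the first rule accepting ESTABLISHED traffic out of the total rule count. The function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from a real host).
# INPUT: one filtering rule in front of the state rule ("almost on top").
# FORWARD: state rule placed last, so every packet of an established
# connection is first compared against the per-port rules.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads a ruleset on stdin, prints "CHAIN position/total" for each chain.
# position is the 1-based index of the first ESTABLISHED accept rule,
# or "none" if the chain has no such rule.
state_rule_position() {
    awk '
        /^:/ { c = substr($1, 2); order[++n] = c; total[c] = 0 }
        $1 == "-A" {
            chain = $2
            if (!(chain in total)) { order[++n] = chain; total[chain] = 0 }
            total[chain]++
            if (!(chain in pos) && $0 ~ /-j ACCEPT/ &&
                $0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/)
                pos[chain] = total[chain]
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                printf "%s %s/%d\n", c, ((c in pos) ? pos[c] : "none"), total[c]
            }
        }
    '
}

sample_ruleset | state_rule_position
```

On a live system the same function can be fed from `iptables-save` instead of the sample; a high position relative to the total points at a chain where the state rule could move up.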