On Thu, 22 Jan 2004 17:34:28 +1100, Alex Satrapa <alex@xxxxxxxxxxxxxxxx> wrote in message <400F6EF4.2060608@xxxxxxxxxxxxxxxx>:

> Technical wrote:
> > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> For this chain (presumably packets inbound to the network), accept
> any packets that are part of established TCP connections (ie: a SYN
> packet for the connection has gone out from the network), or related
> to UDP packets that have gone out through the firewall.
>
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Otherwise, reject the packet by sending back an ICMP message telling
> the remote host that communication with its intended target is
> administratively prohibited.

.."Otherwise, " is not part of this last rule. "Otherwise, " could be understood as a context where these 2 rules appear as shown.

--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three:
  best case, worst case, and just in case.
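The point about "Otherwise" can be checked with a small model of first-match chain traversal. This is an added example, not code from any poster in the thread; the parser handles only the options in the two quoted rules, and `parse_rule`, `verdict` and the packet states passed in are constructed for illustration.

```python
import shlex

# The two rules quoted in the thread, in iptables-save syntax and original order.
RULES = [
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
]

# Options this simplified model understands, each taking one argument.
OPTIONS = {"-A": "chain", "-m": "module", "--state": "states",
           "-j": "target", "--reject-with": "reject_with"}


def parse_rule(line):
    """Parse the subset of iptables-save syntax used by the two rules above."""
    tokens = shlex.split(line)
    if len(tokens) % 2:
        raise ValueError(f"option without argument in: {line}")
    rule = dict.fromkeys(OPTIONS.values())
    for opt, arg in zip(tokens[0::2], tokens[1::2]):
        if opt not in OPTIONS:
            raise ValueError(f"unsupported option: {opt}")
        rule[OPTIONS[opt]] = arg
    if rule["states"] is not None:
        rule["states"] = set(rule["states"].split(","))
    return rule


def verdict(rule_lines, conntrack_state):
    """Return (target, rule index) of the first rule the packet matches.

    Falling off the end yields (None, None); in real iptables a user-defined
    chain then returns to the chain that jumped to it.
    """
    for index, line in enumerate(rule_lines):
        rule = parse_rule(line)
        # A rule with no --state match has no condition: it matches every
        # packet that reaches it. Any "otherwise" comes from rule order alone.
        if rule["states"] is None or conntrack_state in rule["states"]:
            return rule["target"], index
    return None, None


if __name__ == "__main__":
    for state in ("ESTABLISHED", "RELATED", "NEW", "INVALID"):
        print(f"{state:12} original order: {verdict(RULES, state)}  "
              f"swapped: {verdict(RULES[::-1], state)}")
```

With the rules swapped, the unconditional REJECT is reached first and even ESTABLISHED packets are rejected, which is why the order of these two lines matters when auditing a ruleset.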