> Technical wrote:
>> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> For this chain (presumably packets inbound to the network), accept any
> packets that are part of established TCP connections (ie: a SYN packet
> for the connection has gone out from the network), or related to UDP
> packets that have gone out through the firewall.
>
>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Otherwise, reject the packet by sending back an ICMP message telling the
> remote host that communication with its intended target is
> administratively prohibited.
>
>
> HTH
> Alex Satrapa
>
> If the default is for iptables to reject all packets that cannot be
> dealt with by any of the previous rules, why would someone use the
> last rule?? Am I missing something??
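
Added example (not part of the original thread, and not netfilter code): a toy Python model of how a packet traverses the two quoted rules, with and without the final REJECT. It assumes the built-in INPUT chain jumps to RH-Firewall-1-INPUT and takes the INPUT policy as a parameter; it relies on two iptables behaviours: a user-defined chain has no policy and returns to its caller when nothing matches, and a built-in chain's policy can only be ACCEPT or DROP, so it never sends an ICMP reply.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    states: frozenset      # states for "-m state --state"; empty set matches every packet
    target: str            # ACCEPT, DROP, REJECT, or the name of a user-defined chain
    reject_with: str = ""  # ICMP type sent back by REJECT


def traverse(chains, policies, chain, pkt_state):
    """Return (verdict, icmp_reply), or None if a user-defined chain runs off its end."""
    for rule in chains[chain]:
        if rule.states and pkt_state not in rule.states:
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target, None
        if rule.target == "REJECT":
            return "REJECT", rule.reject_with
        # Jump into a user-defined chain; None means implicit RETURN to this chain.
        result = traverse(chains, policies, rule.target, pkt_state)
        if result is not None:
            return result
    # Only built-in chains carry a policy, and it is ACCEPT or DROP (never REJECT).
    if chain in policies:
        return policies[chain], None
    return None


# The two rules quoted in the thread.
STATEFUL = Rule(frozenset({"ESTABLISHED", "RELATED"}), "ACCEPT")
FINAL_REJECT = Rule(frozenset(), "REJECT", "icmp-host-prohibited")
# Assumption: INPUT hands every packet to the user-defined chain.
JUMP = Rule(frozenset(), "RH-Firewall-1-INPUT")


def verdict(pkt_state, with_final_reject, input_policy):
    """Verdict for one packet; input_policy is an assumed value for the INPUT chain."""
    rules = [STATEFUL] + ([FINAL_REJECT] if with_final_reject else [])
    chains = {"INPUT": [JUMP], "RH-Firewall-1-INPUT": rules}
    return traverse(chains, {"INPUT": input_policy}, "INPUT", pkt_state)


if __name__ == "__main__":
    for state in ("ESTABLISHED", "RELATED", "NEW"):
        for final, policy in ((True, "ACCEPT"), (False, "ACCEPT"), (False, "DROP")):
            print(f"{state:11} final_reject={final!s:5} policy={policy:6} ->",
                  verdict(state, final, policy))
```

With the final rule removed, an unsolicited NEW packet gets whatever the INPUT policy says: accepted under ACCEPT, or silently discarded under DROP, with no icmp-host-prohibited message in either case.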