Re: Established / related

On Tuesday 29 June 2004 7:33 pm, Peter Marshall wrote:

> I was wondering if there is a way to use established, related on a subchain
> only.
>
> ex.  ftp server behind firewall
>
> $IPTABLES -A FORWARD -d $IPSERVER -j ftpchain
>
> $IPTABLES -A ftpchain -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This does not seem to work .. It only seems to work when I have the
> established,related line on the Forward chain.

I really cannot see why this should not do what you want (which presumably is 
to match only established or related packets going to $IPSERVER).

The only thing which looks a little odd to me, which I wonder whether you've 
forgotten, is to make sure there is a rule for the reply packets coming back 
again from $IPSERVER?

If that's not the problem, please give some more details on how you're testing 
it and why you think it doesn't work.

Regards,

Antony.

-- 
"It would appear we have reached the limits of what it is possible to achieve 
with computer technology, although one should be careful with such 
statements; they tend to sound pretty silly in five years."

 - John von Neumann (1949)

                                                     Please reply to the list;
                                                           please don't CC me.
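
Added example, not part of the original post: a subchain layout in which both the traffic to `$IPSERVER` and the reply packets coming back from it reach the state rule. The server address, the `NEW` rule for port 21 and the final `DROP` are assumptions made for illustration; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread).
# IPTABLES defaults to "echo iptables", so the rules are printed, not applied.
# To apply them, run as root with IPTABLES=/sbin/iptables.
IPTABLES="${IPTABLES:-echo iptables}"
IPSERVER="${IPSERVER:-192.0.2.10}"   # constructed documentation address

ftp_rules() {
    # Dedicated chain for all forwarded traffic to or from the FTP server.
    $IPTABLES -N ftpchain

    # Send BOTH directions into the subchain. With only the -d jump, reply
    # packets (source = server) never reach the state rule below and are
    # left to whatever else is in FORWARD, or to its policy.
    $IPTABLES -A FORWARD -d "$IPSERVER" -j ftpchain
    $IPTABLES -A FORWARD -s "$IPSERVER" -j ftpchain

    # Assumption: new FTP control connections to the server are allowed.
    # Without some rule accepting NEW, nothing ever becomes ESTABLISHED.
    $IPTABLES -A ftpchain -d "$IPSERVER" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT

    # Flows conntrack already tracks, in either direction, plus RELATED
    # FTP data connections (requires the FTP conntrack helper to be loaded).
    $IPTABLES -A ftpchain -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Assumption: anything else involving the server is dropped here.
    $IPTABLES -A ftpchain -j DROP
}

ftp_rules
```

After applying the rules for real, `iptables -L ftpchain -v -n` shows per-rule packet counters, which tells you whether replies are actually traversing the subchain.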


