Yes it is, is inside the code, i think this example could explain you echo 1 > /proc/sys/net/ipv4/ip_forward iptables -P FORWARD DROP iptables -A FORWARD -i $inside_interface -o $outside_interface -m state --state NEW -j ACCEPT iptables -A FORWARD -i $outside_interface -m state --state RELATED,ESTABLISHED -j ACCEPT That's it, this is what you need in order to get a statefull firewall with 2 interfaces. > -----Mensaje original----- > De: netfilter-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] En nombre de > Jiann-Ming Su > Enviado el: Miércoles, 29 de Septiembre de 2004 17:51 > Para: netfilter@xxxxxxxxxxxxxxxxxxx > Asunto: connection tracking without iptables? > > This is probably a dumb question, but is it possible to track > connections without iptables/netfilter? > -- > Jiann-Ming Su > "I have to decide between two equally frightening options. > If I wanted to do that, > I'd vote." --Duckman > >
