On Fri, 11-02-2005 at 08:24 -0500, Jason Opperisano wrote:
> # allow input packets that are part of an established connection
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # allow HTTP requests in
> iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT

Sorry, I've seen in some of your answers that you never use
-m state --state NEW. Could you tell me why? I am updating my
firewall and I'm very confused with this, because you seem to know
everything about Netfilter and iptables, and I am using the NEW
state in all my rules. Should I do it or should I not? And by the
way, should I use the --syn flag?

Thanks and Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"