Re: I dont know how to forward port 80

On Sun, 2005-02-13 at 07:28, Jose Maria Lopez Hernandez wrote:
> On Fri, 11-02-2005 at 08:24 -0500, Jason Opperisano wrote:
> >   # allow input packets that are part of an established connection
> >   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > 
> >   # allow HTTP requests in
> >   iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT
> 
> Sorry, I've seen in some of your answers that you never use
> -m state --state NEW. Could you tell me why? 

for the sake of clarity.  when someone asks, "how do i allow http into
my machine" it seems clearer to say:

  iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT

rather than:

  iptables -A INPUT -m state --state NEW -p tcp --syn \
    --sport 1024:65535 --dport 80 -j ACCEPT

you're not going to make me add a disclaimer to all my posts that says
"any rules are included to clarify a point of discussion.  do not use
the rules posted without understanding the full security implications of
such an act.  firewall rules lasting more than four hours require
medical attention."

> I am updating
> my firewall and I'm very confused with this, because you
> seem to know everything about Netfilter and iptables,

heh heh--thanks, i needed a laugh.

>  and
> I am using the NEW state in all my rules. Should I do it
> or should I not? 

i do.

> And by the way, should I use the --syn
> flag?

i do.

-j

--
"I'm not a bad guy! I work hard, and I love my kids. So why should
 I spend half my Sunday hearing about how I'm going to Hell?"
	--The Simpsons
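Added example (not from the post above, not Jason's or Jose's rules): the stricter spelling from the reply, placed in the minimal INPUT chain it depends on. With policy DROP, the ESTABLISHED,RELATED rule must come first or every reply to the host's own traffic is dropped, and the NEW rule combines `--state NEW` with `--syn` because conntrack by default (nf_conntrack_tcp_loose=1) will happily call a mid-stream ACK "NEW", so `--state NEW` alone does not guarantee the packet is the start of a handshake; `--syn` (SYN set, ACK/RST/FIN clear) does. The script only emits an iptables-restore ruleset to stdout; the output file name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that allows HTTP in
# using the "-m state --state NEW -p tcp --syn --sport 1024:65535" form.
# Usage (file name is a hypothetical choice):
#   sh http-rules.sh 80 > /tmp/rules.v4 && iptables-restore -n < /tmp/rules.v4

http_ruleset() {
    # $1: TCP port to expose, defaults to 80
    port="${1:-80}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is never filtered
-A INPUT -i lo -j ACCEPT
# replies and related traffic (e.g. ICMP errors) for connections already tracked;
# must precede the DROP policy or the host cannot receive answers to its own requests
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot place in any connection (stray ACKs, bad flag combos)
-A INPUT -m state --state INVALID -j DROP
# first packet of an HTTP connection: unknown to conntrack AND a real SYN
# (SYN set, ACK/RST/FIN clear) from an unprivileged client port
-A INPUT -m state --state NEW -p tcp --syn --sport 1024:65535 --dport ${port} -j ACCEPT
COMMIT
EOF
}

# Self-check on the generated text: the rules we rely on are present and ordered
check_ruleset() {
    out=$(http_ruleset "$1")
    printf '%s\n' "$out" | grep -q -- "^-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" || return 1
    printf '%s\n' "$out" | grep -q -- "--syn --sport 1024:65535 --dport ${1:-80} -j ACCEPT" || return 1
    # ESTABLISHED,RELATED must be accepted before the NEW rule is reached
    est=$(printf '%s\n' "$out" | grep -n -- "ESTABLISHED,RELATED" | cut -d: -f1)
    new=$(printf '%s\n' "$out" | grep -n -- "--state NEW" | cut -d: -f1)
    [ "$est" -lt "$new" ] || return 1
    printf '%s\n' "$out" | grep -q -- "^COMMIT" || return 1
    return 0
}
```

Load it with `iptables-restore -n` so the existing tables are replaced rather than flushed mid-session, and check with `iptables -L INPUT -nv` that the counters on the ESTABLISHED,RELATED rule climb as soon as you open a connection from the box.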
