Re: Reg Stateful firewall

On 11/28/07 09:49, Shyam Prasad wrote:
> But would it not be efficient if the firewall automatically allows such packets which were validated in INPUT? That would save me a lot of rules that might otherwise be necessary.

This might be easier, but I don't know about more efficient. A single "... -m state --state ESTABLISHED,RELATED ..." rule in the OUTPUT chain should take care of things.

Or if you want to be a bit different about it, you could probably put your rule(s) in a new chain and jump to said chain from both INPUT and OUTPUT. This way, you only have to have your rules one time.

> Some Linux-based firewalls (not netfilter) do this automatically since they already know the state.

Curious, what firewalls do this?



Grant. . . .
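
The setup described in the reply above (one ESTABLISHED,RELATED rule kept in a chain that both INPUT and OUTPUT jump to), as an added example that is not part of the original message. The chain name SHARED, the DROP policies and the service port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a ruleset in iptables-restore
# format. Assumptions: chain name SHARED, default-DROP policies, one inbound
# TCP service port (default 22).
# Usage (as root): emit_ruleset 22 | iptables-restore --test

emit_ruleset() {
    svc_port="${1:-22}"
    # Accept only a plain number so nothing else can end up in the ruleset.
    case "$svc_port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:SHARED - [0:0]
# Stateful rules are written once, in the user-defined chain.
# (Newer iptables spell this match "-m conntrack --ctstate".)
-A SHARED -m state --state ESTABLISHED,RELATED -j ACCEPT
-A SHARED -m state --state INVALID -j DROP
# Loopback traffic is accepted in both directions.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Both built-in chains jump to the same chain.
-A INPUT -j SHARED
-A OUTPUT -j SHARED
# Direction-specific rules stay in the built-in chain. A --dport rule placed
# in SHARED would also permit outbound connections to that port.
-A INPUT -p tcp --dport ${svc_port} -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

With this ruleset a new inbound connection is validated once in INPUT; its reply packets leave through OUTPUT as ESTABLISHED and are accepted by the shared chain, so no mirror rule per service is needed.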