mouss wrote:
Eial Czerwacki wrote:
I've got this too as part of the rules
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
but not for output. What if your Linux box initiates the connection?
Output policy is accept, so this is no problem. The state match does not
create conntracks, it just tests them. The conntrack is created once the
first packet is accepted.
Also, as I said before, allow for icmp (echo if you add a stateful
accept for output icmp's if you don't have the stateful rule).
This is a matter of taste and has nothing to do with the OP's problems.
M4
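
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not kernel code) of how the state match only reads conntrack state, while an entry is kept only once a packet has been accepted. It assumes an INPUT policy of DROP, which the thread does not state; the class name, function names and addresses are constructed for illustration, and RELATED expectations are not modelled.

```python
# Simplified model of netfilter connection tracking (added example, not kernel code).
# Assumed ruleset: INPUT has "-m state --state RELATED,ESTABLISHED -j ACCEPT" with
# policy DROP (assumption); OUTPUT has no rules and policy ACCEPT (from the thread).

class Conntrack:
    def __init__(self):
        self.table = {}  # confirmed flows: original-direction tuple -> seen_reply flag

    def _classify(self, pkt):
        """Return (state, key, is_reply) for a packet without touching the table."""
        src, sport, dst, dport = pkt
        if pkt in self.table:                    # original direction of a known flow
            return ("ESTABLISHED" if self.table[pkt] else "NEW"), pkt, False
        reverse = (dst, dport, src, sport)
        if reverse in self.table:                # reply direction of a known flow
            return "ESTABLISHED", reverse, True
        return "NEW", pkt, False                 # flow not seen before

    def _confirm(self, key, is_reply):
        """Runs only after the ruleset accepted the packet."""
        if is_reply:
            self.table[key] = True               # flow has now seen traffic both ways
        else:
            self.table.setdefault(key, False)

    def output(self, pkt):
        """OUTPUT chain: no rules, policy ACCEPT."""
        state, key, is_reply = self._classify(pkt)
        self._confirm(key, is_reply)
        return "ACCEPT", state

    def input(self, pkt):
        """INPUT chain: accept ESTABLISHED, everything else hits policy DROP."""
        state, key, is_reply = self._classify(pkt)
        if state == "ESTABLISHED":               # the match tests state, nothing more
            self._confirm(key, is_reply)
            return "ACCEPT", state
        return "DROP", state                     # dropped packet leaves no entry

def demo():
    ct = Conntrack()
    box, peer = "192.0.2.10", "198.51.100.7"     # constructed documentation addresses
    syn = (box, 40000, peer, 443)                # connection initiated by the box
    synack = (peer, 443, box, 40000)             # reply to that connection
    unsolicited = (peer, 55555, box, 22)         # inbound attempt with no prior flow
    return [ct.output(syn), ct.input(synack), ct.input(unsolicited), len(ct.table)]
```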