On Wednesday 2008-04-09 19:01, Minh Cao wrote:
>Thanks for your help!
>
>Please explain why these two are acting differently.
>On #2 I can login as anonymous, but ls.
                                 ^ but not ls

That's because in #2, you limit RELATED to port 21, which is
essentially meaningless. In #1, RELATED applies to any port
(as does ESTABLISHED).

>Can I combine two rules into one?
>
>1/
>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>-A INPUT -m state --state NEW -p tcp -m tcp --dport 21 -j ACCEPT

No.
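
Added example, not part of the original message: a toy Python model of first-match rule evaluation that traces an FTP login followed by a passive-mode `ls` through both rulesets. Ruleset 2 is not shown in the thread and is reconstructed here from the reply's description; the DROP policy, the loaded FTP conntrack helper (which is what marks the data connection RELATED) and data port 50000 are assumptions.

```python
# Toy model of iptables INPUT matching (added example, not from the thread).
# Assumptions: default policy DROP; the FTP conntrack helper is loaded, so the
# first packet of a passive-mode data connection is classified RELATED.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dport: int
    state: str  # conntrack state: NEW, RELATED or ESTABLISHED

@dataclass(frozen=True)
class Rule:
    states: frozenset
    dport: Optional[int] = None  # None = rule has no --dport match

    def matches(self, pkt):
        return pkt.state in self.states and self.dport in (None, pkt.dport)

def verdict(rules, pkt):
    """Any matching rule accepts; otherwise the assumed DROP policy applies."""
    return "ACCEPT" if any(r.matches(pkt) for r in rules) else "DROP"

# Ruleset 1, as quoted in the message.
RULESET_1 = [
    Rule(frozenset({"RELATED", "ESTABLISHED"})),
    Rule(frozenset({"NEW"}), dport=21),
]
# Ruleset 2 is not shown in the message; this is a reconstruction from the
# reply's description ("you limit RELATED to port 21").
RULESET_2 = [Rule(frozenset({"NEW", "RELATED", "ESTABLISHED"}), dport=21)]

# Constructed FTP session: login on the control channel, then a passive-mode
# data connection to an ephemeral server port (50000 is an arbitrary value).
SESSION = [
    ("control SYN", Packet(21, "NEW")),
    ("USER/PASS", Packet(21, "ESTABLISHED")),
    ("data SYN (ls)", Packet(50000, "RELATED")),
    ("data transfer", Packet(50000, "ESTABLISHED")),
]

def trace(rules):
    return {label: verdict(rules, pkt) for label, pkt in SESSION}

if __name__ == "__main__":
    for name, rules in (("ruleset 1", RULESET_1), ("ruleset 2", RULESET_2)):
        print(name, trace(rules))
```

In the model, ruleset 2 accepts the control channel but drops both data-connection packets, which matches the reported symptom of a working login and a failing `ls`.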