William Fitzgerald wrote:
Dear experts,
If a rule has a state of NEW does it implicitly imply ESTABLISHED also?
Looking at examples on the web I see references to both.
For example to permit access to an internal Web server, which of the
straw-man rules are correct?
Implicit Established Example:
iptables -A FORWARD -i eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
Explicit Established Example:
iptables -A FORWARD -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
I'm no expert, but I would usually have a rule that accepts any
established connections first, followed by ones where the state is new
and has the conditions you require. I've also added RELATED below as
you'd often want those to be accepted by default as well.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
...
John
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
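A small simulation of conntrack state matching, added here and not part of the thread, that runs one HTTP exchange through the three rule sets above (FORWARD chain with a DROP policy) and shows why a NEW-only rule does not imply ESTABLISHED, and why the server's replies only get through with John's catch-all ESTABLISHED rule in front. The addresses are constructed placeholders, and the conntrack model is deliberately simplified (one entry per endpoint pair, no RELATED tracking).

```python
from collections import namedtuple

# Constructed placeholder addresses: an external client arriving on eth0 and an
# internal web server reached via eth1. Not real hosts.
CLIENT, SERVER = "203.0.113.10", "10.0.0.80"

Packet = namedtuple("Packet", "src sport dst dport in_iface")
# states = the --state set; in_iface (-i) and dport (--dport) of None match anything.
Rule = namedtuple("Rule", "states in_iface dport", defaults=(None, None))

def flow_key(p):
    """Toy conntrack key: unordered endpoint pair, so a server reply maps onto
    the flow the client's request opened. RELATED (ICMP errors, FTP data
    channels) is not modelled."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

def matches(rule, pkt, state):
    return (state in rule.states
            and rule.in_iface in (None, pkt.in_iface)
            and rule.dport in (None, pkt.dport))

def forward_chain(rules, packets, policy="DROP"):
    """Run packets through a FORWARD chain: first matching rule decides, else
    the chain policy applies. Returns (conntrack state, verdict) per packet.
    A conntrack entry is only confirmed for packets that are accepted."""
    flows, verdicts = set(), []
    for p in packets:
        state = "ESTABLISHED" if flow_key(p) in flows else "NEW"
        verdict = "ACCEPT" if any(matches(r, p, state) for r in rules) else policy
        if verdict == "ACCEPT":
            flows.add(flow_key(p))
        verdicts.append((state, verdict))
    return verdicts

# One HTTP exchange: client SYN, server's reply, client's next segment.
HTTP_FLOW = [
    Packet(CLIENT, 40000, SERVER, 80, "eth0"),
    Packet(SERVER, 80, CLIENT, 40000, "eth1"),
    Packet(CLIENT, 40000, SERVER, 80, "eth0"),
]
# The three rule sets from the thread; every rule on the page is -j ACCEPT.
IMPLICIT = [Rule({"NEW"}, "eth0", 80)]
EXPLICIT = [Rule({"NEW", "ESTABLISHED"}, "eth0", 80)]
JOHNS = [Rule({"RELATED", "ESTABLISHED"}), Rule({"NEW"}, "eth0", 80)]

if __name__ == "__main__":
    for name, rules in [("implicit", IMPLICIT), ("explicit", EXPLICIT), ("john", JOHNS)]:
        print(name, forward_chain(rules, HTTP_FLOW))
```

With the NEW-only rule the client's own follow-up segments are dropped too, since after the SYN passes they are ESTABLISHED, not NEW; the explicit NEW,ESTABLISHED variant fixes that but still drops the server's reply coming in on eth1.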