iptables -A INPUT -m state --state ESTABLISHED,RELATES -j ACCEPT . This is the only rule . No firewall hole for igmp packets . On Thu, Feb 25, 2010 at 12:08 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote: >>>>>>>>>>udp doesn't go into the established state. > > I am running "igmpproxy" on my gateway box . I didnot add any rule in > INPUT chain to accept igmp packets . But i hve a rule to accept all > ESTABLISHED state packets . It am able to stream igmp from my desktop > . > > I really believe that " We dont need any rule in FORWARD chain " . > Because packets are flowing from node to node and routed . So only > INPUT and OUTPUT chains are involved . > > Thanks, > Ratheesh > > > > On Thu, Feb 25, 2010 at 12:03 AM, Christoph Paasch > <christoph.paasch@xxxxxxxxx> wrote: >> As long as there isn't any return-traffic (as it is the case for multicast- >> udp), udp doesn't go into the established state. >> >> Regards, >> Christoph >> >> On Wed 24 February 2010 wrote ratheesh k: >>> multicast packets are udp packets . But its flowing only from >>> upstream to downstream . So packet state will be always "NEW" . ?? >>> >>> my question is : whether we can see multicast data packets in >>> ESTABLISHED state ?? >>> >>> Thanks, >>> Ratheesh >>> -- >>> To unsubscribe from this list: send the line "unsubscribe netfilter" in >>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >> >> -- >> Christoph Paasch >> >> Alcatel-Lucent >> IP Development >> >> www.rollerbulls.be >> -- >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
