Please, provide more information about your setup. What are the policies of your chains? What is your ruleset? What is your topology? What do you want to achieve, and what are you observing? Christoph On Thu 25 February 2010 wrote ratheesh k: > iptables -A INPUT -m state --state ESTABLISHED,RELATES -j ACCEPT . > > This is the only rule . No firewall hole for igmp packets . > > On Thu, Feb 25, 2010 at 12:08 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote: > >>>>>>>>>>udp doesn't go into the established state. > > > > I am running "igmpproxy" on my gateway box . I didnot add any rule in > > INPUT chain to accept igmp packets . But i hve a rule to accept all > > ESTABLISHED state packets . It am able to stream igmp from my desktop > > . > > > > I really believe that " We dont need any rule in FORWARD chain " . > > Because packets are flowing from node to node and routed . So only > > INPUT and OUTPUT chains are involved . > > > > Thanks, > > Ratheesh > > > > > > > > On Thu, Feb 25, 2010 at 12:03 AM, Christoph Paasch > > > > <christoph.paasch@xxxxxxxxx> wrote: > >> As long as there isn't any return-traffic (as it is the case for > >> multicast- udp), udp doesn't go into the established state. > >> > >> Regards, > >> Christoph > >> > >> On Wed 24 February 2010 wrote ratheesh k: > >>> multicast packets are udp packets . But its flowing only from > >>> upstream to downstream . So packet state will be always "NEW" . ?? > >>> > >>> my question is : whether we can see multicast data packets in > >>> ESTABLISHED state ?? > >>> > >>> Thanks, > >>> Ratheesh > >>> -- > >>> To unsubscribe from this list: send the line "unsubscribe netfilter" in > >>> the body of a message to majordomo@xxxxxxxxxxxxxxx > >>> More majordomo info at http://vger.kernel.org/majordomo-info.html > >> > >> -- > >> Christoph Paasch > >> > >> Alcatel-Lucent > >> IP Development > >> > >> www.rollerbulls.be > >> -- > >> -- > >> To unsubscribe from this list: send the line "unsubscribe netfilter" in > >> the body of a message to majordomo@xxxxxxxxxxxxxxx > >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Christoph Paasch Alcatel-Lucent IP Development www.rollerbulls.be -- -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
