Interesting, unless I'm blind the original conversation does not mention this. I've seen -m state and now -m helper. Where did this -m conntrack come from? > > That's why one should always have -m conntrack --ctstate ESTABLISHED(,RELATED) > in INPUT, FORWARD, and OUTPUT. It really trims down all these rules. > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
