Hi, I am writing a firewall script and I have run into a doubt.

Is it correct to allow already established and related connections by a set of rules like these at the beginning of the script...

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

... and then only take care of NEW connections? This way I could allow ssh connections to the firewall just with this rule...

    iptables -A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT

... instead of with these two rules:

    iptables -A INPUT -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT

Sorry if this subject has already been asked on the mailing list (I have not found any specific information and I want to be sure that it is not a mistake or an insecurity...) and thank you in advance!

-- 
Carlos Cruz Luengo
PGP key at: http://wwwkeys.eu.pgp.net/
Fingerprint: BA1C 9932 D5B4 2B53 1DBC 269B 2CC0 37C4 E996 EBF1
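The first rule layout from the post, written out as a complete default-deny script so the ordering can be reviewed as a whole. This is an added example, not part of the original message or of any netfilter project code: the conntrack ESTABLISHED,RELATED rules sit at the top of every chain, an INVALID drop follows them, and only NEW connections are decided afterwards, so a single INPUT rule is enough for SSH to the firewall because the replies leave through the OUTPUT ESTABLISHED rule. The `IPT` variable, the port number 22 in place of the `ssh` service name, and the outbound DNS rules are assumptions of the example; `IPT` defaults to a dry run that prints the commands, and setting `IPT=iptables` as root applies them.

```shell
#!/bin/sh
# Stateful firewall skeleton (added example, not from the original post).
# IPT defaults to a dry run so the rule order can be reviewed first;
# run as root with IPT=iptables to apply it for real (assumed variable).
IPT="${IPT:-echo iptables}"

apply_rules() {
    # Flush and default-deny on every chain; anything not explicitly
    # accepted below is dropped.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback traffic is always local.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Conntrack first: packets belonging to a connection that was already
    # accepted as NEW (plus its RELATED ICMP errors and helper flows) are
    # accepted here on every chain, so the rules after this point only
    # have to decide about NEW connections.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Packets conntrack cannot classify (e.g. stray ACKs with no tracked
    # connection) are dropped before they reach the NEW rules.
    $IPT -A INPUT -m state --state INVALID -j DROP

    # Inbound NEW connections: one rule is enough for SSH to the firewall;
    # the replies are ESTABLISHED and leave via the OUTPUT rule above.
    # Port 22 is used instead of the 'ssh' service name (assumption).
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Outbound NEW connections the firewall host itself may initiate
    # (DNS, as an assumed example of host-originated traffic).
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
}

# Number of -A rules the script would append; a quick sanity check that
# the dry run produced the expected rule set before applying it.
rule_count() {
    apply_rules | grep -c -- '-A '
}

apply_rules
```

In the dry run the script only prints the nine `iptables` commands it would execute; reading that output top to bottom is the easiest way to confirm that the ESTABLISHED,RELATED rules come before every NEW rule, which is what makes the single-rule SSH entry sufficient.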