Given the following simplified rules:

    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

When the system boots, various daemons create persistent connections to authentication servers that stay established indefinitely, like the following:

    clientSystem:44444 -----> authServer:389

This creates an entry in the iptables state table, which works fine. But occasionally the state table gets cleared out, usually by something simple like someone restarting iptables. Once that happens the established connection is still there, but when the authServer sends a packet back to the clientSystem the packet is viewed as new and eventually gets dropped, since there is nothing in the state table.

The only way I can think of to allow for this is to create a rule that allows new connections from authServer:389 to clientSystem:any. Is there a better way?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
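The following script is an added example and is not part of the original post or of a reply to it. It shows one way to narrow the exception the poster is considering: instead of accepting NEW connections from authServer:389, accept only non-SYN TCP packets from the authentication server's address and port, so a flushed state table does not kill the existing LDAP session, but the exception cannot be used to open a new connection to the client (a connection attempt carries SYN and is still dropped). The server address 192.0.2.10 (a documentation address), the AUTH_SERVER/AUTH_PORT/IFACE variable names and the explicit DROP policy are constructed for this example; the post only says the reply packet "eventually gets dropped". The script prints the rules rather than applying them so they can be reviewed first; apply_rules installs them when run as root.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed values are
# constructed for illustration; override them in the environment if needed.
AUTH_SERVER="${AUTH_SERVER:-192.0.2.10}"   # assumption: the LDAP server's address
AUTH_PORT="${AUTH_PORT:-389}"              # the port the daemons connect to
IFACE="${IFACE:-eth0}"                     # the interface used in the post's rules

# Print the ruleset as iptables commands (nothing is executed here).
render_rules() {
    cat <<EOF
# Default-deny on INPUT; the post implies a drop at the end of the chain.
iptables -P INPUT DROP
# Normal case: replies to connections the state table already knows about.
iptables -A INPUT -i ${IFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT
# Mid-stream pickup after a conntrack flush: the server's next packet has no
# state entry, so accept it only when it is a non-SYN TCP packet from the LDAP
# server's port. With nf_conntrack_tcp_loose=1 (the default) conntrack then
# creates an entry for the stream and later packets match ESTABLISHED above.
# A SYN from the same address would not match and is still dropped, so this
# does not open the client to new inbound connections.
iptables -A INPUT -i ${IFACE} -p tcp -s ${AUTH_SERVER} --sport ${AUTH_PORT} ! --syn -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Count the INPUT rules that accept state NEW; the point of the exception is
# that there should be none (the mid-stream rule matches on TCP flags instead).
count_input_new_rules() {
    render_rules | grep -c -- '-A INPUT.*--state.*NEW' || true
}

# Install the rules. Refuses to run without root so the script can be run by
# anyone for review; real use would typically go through iptables-restore.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be root; run render_rules to review instead" >&2
        return 1
    fi
    render_rules | sh
}

# When executed directly, show the rules for review.
if [ "${0##*/}" = "conntrack_pickup.sh" ]; then
    render_rules
fi
```

Two checks worth knowing before relying on this: `iptables -F` alone does not empty the conntrack table; what empties it is unloading the nf_conntrack module (which some distributions' "restart" scripts do) or an explicit `conntrack -F`. And if nf_conntrack_tcp_loose is set to 0, conntrack will not pick up an existing stream at all and marks mid-stream packets INVALID; the `! --syn` rule above still accepts them because it does not use the state match, but the ESTABLISHED rule will never start matching that session again.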