Hi, "-m state " could not use without protocol. Therefore we must use witch -p tcp. If we have alot of rule we can use additional parameter like as; iptables -A INPUT -p tcp --dport 22 -s 1.2.3.4 -m state --state ESTABLISHED,RELATED -j ACCEPT maybe this is better; iptables -A INPUT -p tcp --dport 22 -s 1.2.3.4 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT What you need, iptables give it to you. :-) 12-12-2015 12:18 tarihinde Jozsef Kadlecsik yazdı: > On Sat, 12 Dec 2015, Remzi AKYÜZ wrote: > >> Please use with -p tcp >> >> iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT > That's not a solution at all, this can break a huge number of > configurations. > > Best regards, > Jozsef > >> 12-12-2015 05:38 tarihinde Dâniel Fraga yazd?: >>> After upgrading the kernel from 4.3.0 to 4.3.1 (with the same >>> configuration), -m state doesn't work anymore. >>> >>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >>> >>> returns: >>> >>> iptables: Protocol wrong type for socket. >>> >>> I'm using iptables v1.4.21. >>> >>> Any hints? >>> >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > - > E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences > H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
