Re: nf_conntrack_helper replacement?

On 12/20/22 12:01, Reindl Harald wrote:
you need exactly ONE "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" rule as the first of your ruleset which handles UDP and TCP (aka don't specify -p)

Hi Reindl,

[!] -p, --protocol protocol
      The  protocol of the rule or of the packet to check.
      The specified protocol can be one of tcp, udp,
      udplite, icmp, icmpv6,esp, ah,  sctp,  mh  or
      the special keyword "all"

Is leaving off the "-p xxx" the same as "-p all"?
If so, I am not sure that I feel comfortable opening
up "udplite, icmp, icmpv6, esp, ah,  sctp,  mh"
as well.

Thank you for all the help so far!

-T



