On 1/18/07, tamer amr <tamer_linux@xxxxxxxxx> wrote:
> Thanks for the reply, but I still can't understand the difference.
>
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> 2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
>
> Here I can ssh to the host.
Of course you can. Your second rule is telling iptables to allow "NEW" ssh connections. The first rule will not match on *NEW* connections and is not involved in the "setting up" of new connections.
> Then I removed the second rule, leaving only:
>
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>
> Here I could not ssh to this host.
Right, because you removed the rule that was permitting the connections in the first place. Flush your ruleset, run "iptables -vnL", and look at the counters. Connect in via SSH, then run "iptables -vnL" again and look at the counters. You'll see that the second rule is what's matching your *NEW* connection to 22/TCP.

--
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/
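The behaviour Jeremy describes, modelled as an added example that is not code from the thread: a toy first-match INPUT chain with a conntrack table, which shows why the RELATED,ESTABLISHED rule alone never admits a new SSH connection and how the per-rule packet counters of "iptables -vnL" end up. The flow tuple and the two chains are constructed for the illustration.

```python
"""Toy model of netfilter conntrack state matching in a first-match chain.

Added example, not from the mailing-list thread. The first packet of a flow
that conntrack has not seen is classified NEW; only a rule that matches NEW
can accept it. Once accepted, the flow is tracked and later packets are
ESTABLISHED, which is what the catch-all RELATED,ESTABLISHED rule matches.
"""
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    dport: int                       # destination port (22 = ssh)
    flow: Tuple[str, int, str, int]  # conntrack key: src, sport, dst, dport


@dataclass
class Rule:
    states: Set[str]                 # e.g. {"NEW"} or {"RELATED", "ESTABLISHED"}
    dport: Optional[int] = None      # None = any port ("all -- anywhere anywhere")
    pkts: int = 0                    # the "pkts" counter column of iptables -vnL


class InputChain:
    """INPUT chain with policy DROP, evaluated top to bottom, first match wins."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()       # flows already accepted and therefore tracked

    def classify(self, pkt: Packet) -> str:
        return "ESTABLISHED" if pkt.flow in self.conntrack else "NEW"

    def filter(self, pkt: Packet) -> str:
        state = self.classify(pkt)
        for rule in self.rules:
            if state in rule.states and rule.dport in (None, pkt.dport):
                rule.pkts += 1
                self.conntrack.add(pkt.flow)   # accepted packet confirms the entry
                return "ACCEPT"
        return "DROP"                          # chain policy


def ssh_handshake(chain: InputChain):
    """Verdicts for the SYN and a follow-up packet of one constructed SSH flow."""
    flow = ("10.0.0.5", 40000, "10.0.0.1", 22)   # constructed sample flow
    return chain.filter(Packet(22, flow)), chain.filter(Packet(22, flow))


def established_only() -> InputChain:          # tamer's second ruleset
    return InputChain([Rule({"RELATED", "ESTABLISHED"})])


def established_plus_new_ssh() -> InputChain:  # tamer's first ruleset
    return InputChain([Rule({"RELATED", "ESTABLISHED"}), Rule({"NEW"}, dport=22)])
```

With both rules present the SYN is counted on rule 2 and the next packet on rule 1; with rule 2 removed nothing ever reaches the tracked state, so every packet of the new connection is dropped.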