Posted on announce on error... Here is my original post for security: [EMAIL PROTECTED] (François TOURDE) writes:
> I.R.van Dongen <[EMAIL PROTECTED]> writes: > > > On Tue, 11 Mar 2003 14:48:20 -0000 > > "Ian Goodall" <[EMAIL PROTECTED]> wrote: > > > > > All is fine now. Adding the line: > > > > > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > > > > > fixes the problem. Does anyone know what this line does? I found this using > > > an online script generator at http://www.iptables.1go.dk/index1.php. > > > > it accepts traffic back over the socket already created, so if you allow a > > connection from your machine to other_machine:80 this rule allows other_machine:80 > > to talk back to you (iaw give you an answer) over the same socket. > > It accept the _related_ traffic too. For example ftp and ftp-data. > > But there is a side-effect; if a website (for example) is too long to reply, and you > stop the browser request, then all the response packets will be rejected. So take > care of your logs. > > -- > QOTD: > "If I could walk that way, I wouldn't need the cologne, now would I?" > -- > François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE > Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80 > eMail: mailto:[EMAIL PROTECTED] - URL: http://francois.tourde.org/ -- It may or may not be worthwhile, but it still has to be done. -- François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80 eMail: mailto:[EMAIL PROTECTED] - URL: http://francois.tourde.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
