...
> > I use the connection-tracking support, so I can drop everything except
> > traffic related to a connection I opened. This is what I use (NAT stuff
> > omitted):
> >
> > iptables -t filter -P FORWARD ACCEPT
> > iptables -t filter -P INPUT DROP
> > iptables -t filter -P OUTPUT ACCEPT
> >
> > modprobe ip_conntrack
> > modprobe ip_conntrack_ftp
> >
> > iptables -A INPUT -i ! eth0 -j ACCEPT   # accept everything except from the big bad Internet
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Sorry, I don't get that. The manpage says:

    ...ESTABLISHED meaning that the packet is associated with a connection
    which has seen packets in both directions...
                              ^^^^

But if I initiate a connection, it shouldn't have seen packets in both
directions, should it? What am I missing?

Another question (from the manpage):

    ...RELATED meaning that the packet is starting a new connection, but is
    associated with an existing connection, such as an FTP data transfer, or
    an ICMP error...

How does iptables find out that a newly initiated connection is related to
another existing one? By process number, by vicinity in time, or something
other?

All the best
Mathias
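The two states Mathias asks about, modelled as an added example that is not part of this thread and not netfilter's own code: a toy connection tracker with a PORT-parsing FTP helper, run through the ruleset quoted above against a constructed packet sequence. The addresses 203.0.113.5 and 198.51.100.7, the interface names eth0/eth1 and the packet payloads are assumptions made for the example. It shows the two things the manpage wording hides: the reply to a connection this host opened is itself the first packet in the second direction, so by the time the state match looks at it the connection has been seen both ways and it is reported as ESTABLISHED; and RELATED is not inferred from process numbers or timing but comes from a helper such as ip_conntrack_ftp, which reads the PORT command on the control connection and registers an expectation for the server's data connection.

```python
"""Toy model of the conntrack state match used by the quoted ruleset.

Added illustration, not code from the mailing-list post and not netfilter's
implementation.  Addresses, interfaces and the packet sequence are constructed.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Packet:
    direction: str      # "out": generated by this host (OUTPUT); "in": arriving (INPUT)
    iface: str          # interface the packet arrives on or leaves through
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Entry:
    initial: str            # state of the packet that created the entry: NEW or RELATED
    seen_reply: bool = False


def key(p):
    return (p.proto, p.src, p.sport, p.dst, p.dport)


def rkey(p):
    return (p.proto, p.dst, p.dport, p.src, p.sport)


PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


class ConnTracker:
    def __init__(self):
        self.entries = {}          # original-direction tuple -> Entry
        self.expectations = set()  # tuples a helper expects to start a RELATED connection

    def classify(self, p):
        """State as '-m state' sees it.  Pure lookup, no side effects."""
        t, r = key(p), rkey(p)
        if t in self.entries:
            e = self.entries[t]
            return "ESTABLISHED" if e.seen_reply else e.initial
        if r in self.entries:
            # First packet flowing back to the originator: this packet *is* the
            # second direction, so the match already reports ESTABLISHED.
            return "ESTABLISHED"
        return "RELATED" if t in self.expectations else "NEW"

    def commit(self, p, state):
        """Record an accepted packet (dropped packets leave no confirmed entry)."""
        t, r = key(p), rkey(p)
        if r in self.entries:
            self.entries[r].seen_reply = True
        elif t not in self.entries:
            self.entries[t] = Entry(initial=state)
            self.expectations.discard(t)   # an expectation is consumed once matched
        self._ftp_helper(p)

    def _ftp_helper(self, p):
        """What ip_conntrack_ftp does for active mode: read PORT on the control
        connection and expect the server's data connection from port 20."""
        if p.proto != "tcp" or p.dport != 21:
            return
        m = PORT_RE.match(p.payload)
        if not m:
            return
        a, b, c, d, hi, lo = (int(x) for x in m.groups())
        self.expectations.add(("tcp", p.dst, 20, f"{a}.{b}.{c}.{d}", hi * 256 + lo))


def firewall(ct, p):
    """The quoted ruleset: OUTPUT ACCEPT; INPUT DROP unless not from eth0 or ESTABLISHED,RELATED."""
    state = ct.classify(p)
    if p.direction == "out":
        verdict = "ACCEPT"        # -P OUTPUT ACCEPT
    elif p.iface != "eth0":
        verdict = "ACCEPT"        # -A INPUT -i ! eth0 -j ACCEPT
    elif state in ("ESTABLISHED", "RELATED"):
        verdict = "ACCEPT"        # -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    else:
        verdict = "DROP"          # -P INPUT DROP
    if verdict == "ACCEPT":
        ct.commit(p, state)
    return state, verdict


HOST, SERVER = "203.0.113.5", "198.51.100.7"   # constructed; eth0 faces the Internet

SCENARIO = [
    Packet("out", "eth0", "tcp", HOST, 40000, SERVER, 21),       # our SYN to the FTP server
    Packet("in", "eth0", "tcp", SERVER, 21, HOST, 40000),        # its SYN/ACK comes back
    Packet("out", "eth0", "tcp", HOST, 40000, SERVER, 21, b"PORT 203,0,113,5,160,0\r\n"),
    Packet("in", "eth0", "tcp", SERVER, 20, HOST, 160 * 256),    # server opens data conn to 40960
    Packet("in", "eth0", "tcp", SERVER, 20, HOST, 40961),        # wrong port: nobody expected it
    Packet("in", "eth0", "tcp", "192.0.2.9", 31337, HOST, 22),   # unsolicited from the Internet
    Packet("in", "eth1", "tcp", "10.0.0.4", 31337, HOST, 22),    # same thing, inside interface
]


def run_scenario(scenario=SCENARIO):
    ct = ConnTracker()
    return [firewall(ct, p) for p in scenario]


if __name__ == "__main__":
    for p, (state, verdict) in zip(SCENARIO, run_scenario()):
        print(f"{p.direction:3} {p.iface} {p.src}:{p.sport} -> {p.dst}:{p.dport:<5} {state:11} {verdict}")
```

Real netfilter also checks TCP flags and window state before creating or updating an entry, ties each expectation to its master connection and lets it time out; the toy keeps only the parts that decide NEW versus ESTABLISHED versus RELATED.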