* Quoting Mathias Palm ([EMAIL PROTECTED]):

> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Sorry, I don't get that. The manpage says:
>
> ...ESTABLISHED meaning that the
> packet is associated with a connection which has
> seen packets in both directions...
> ^^^^
> But if I initiate a connection, it shouldn't have seen packages in both
> directions, should it? What am I missing?
That's for the FORWARD chain. In the INPUT chain, you only have one direction, so it sees the syn,ack package and treats the connection as established.

> ...RELATED meaning that the packet is starting a new connection,
> but is associated with an existing connection, such
> as an FTP data transfer, or an ICMP error...

That's where the protocol helpers come into place. They keep track of what's happening at the protocol level and see when a data connection is requested. That also makes them potentially more vulnerable to exploits.

> How does iptables find out, that a newly initiated connection is related
> to another existing one? By process number, by vicinity in time or
> something other?

In the FTP case it sees the PORT command inside the FTP connection. With other connections it uses some sort of heuristics. You could also say it kind of guesses.

- Rolf
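An added configuration example, written for this thread and not posted by either participant, showing the two things discussed above in one ruleset: the INPUT chain accepting ESTABLISHED,RELATED traffic so replies to connections this host opened (and helper-announced FTP data connections) get in, and the FTP conntrack helper assigned explicitly to the FTP control port with the CT target instead of being auto-attached to any flow that looks like FTP, which limits the exposure Rolf mentions. The port numbers and the function names are assumptions for the example; the ruleset is emitted in iptables-restore format rather than applied, so it can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal stateful INPUT policy plus
# explicit FTP helper assignment, emitted in iptables-restore format.
# SSH_PORT/FTP_PORT are constructed defaults for the example.
SSH_PORT="${SSH_PORT:-22}"
FTP_PORT="${FTP_PORT:-21}"

stateful_ruleset() {
cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the FTP helper only to traffic for our FTP control port. The helper
# then watches PORT/PASV and marks the resulting data connection as RELATED.
-A PREROUTING -p tcp --dport ${FTP_PORT} -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ESTABLISHED: conntrack has seen packets in both directions (our SYN went
# out on OUTPUT, the SYN/ACK comes back here). RELATED: a new connection
# announced by a helper or an ICMP error tied to a tracked flow.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only these services may be opened towards this host.
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport ${FTP_PORT} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Pre-apply sanity check: the ESTABLISHED,RELATED rule must precede the first
# NEW rule, otherwise FTP data connections would need their own port-range hole.
ruleset_is_ordered() {
  related_line=$(stateful_ruleset | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
  first_new_line=$(stateful_ruleset | grep -n -- '--ctstate NEW' | head -n1 | cut -d: -f1)
  [ -n "$related_line" ] && [ -n "$first_new_line" ] && [ "$related_line" -lt "$first_new_line" ]
}

# Count how many helper assignments the ruleset makes (expect exactly one).
helper_rule_count() {
  stateful_ruleset | grep -c -- '-j CT --helper '
}

# Review, then apply as root after loading the helper module:
#   modprobe nf_conntrack_ftp && stateful_ruleset | iptables-restore
ruleset_is_ordered && stateful_ruleset
```

The thread's `-m state --state` syntax still works on current iptables; `-m conntrack --ctstate` is the newer spelling of the same match. The raw-table CT rule matters on kernels from 4.7 onward, where automatic helper assignment is off by default (and removed altogether in 6.x), so without it the ftp helper never sees the PORT command and the data connection would not be classified as RELATED.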