state RELATED,ESTABLISHED

Pavlos Parissis p_pavlos@otenet.gr
Tue, 17 Jul 2001 18:01:22 +0300


Hello all,
I am trying to build my firewall in order to have as secure a network as I possibly can.
I am trying to understand why I need to allow packets with state RELATED,ESTABLISHED.
Let me describe the situation to you.
I have a small network with 8 PCs and one Linux server, and I use the server as my desktop machine. I know
this is very bad,
but for the moment it is necessary.
I want my server to download and send mail via my ISP's mail server.
So I said, let's allow input traffic from my mail server; I have a DROP policy in the INPUT chain.
iptables -A INPUT -p tcp -s 195.170.0.5 --source-port 110 -j ACCEPT
iptables -A INPUT -p udp -s 195.170.0.5 --source-port 110 -j ACCEPT
and I use my mail client app Sylpheed to check my mail.
When I tried to receive my mail nothing happened; Sylpheed froze.
Immediately I appended the rule
iptables  -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
and I killed Sylpheed, opened it again, tried to receive my mail, and it worked.
I said that my rules about the POP3 server don't work and tried the opposite: to drop packets from
POP3.
I deleted the 2 rules and the rule about the state and added the following rules:
iptables -A INPUT -p tcp -s 195.170.0.5 --source-port 110 -j DROP
iptables -A INPUT -p udp -s 195.170.0.5 --source-port 110 -j DROP
iptables  -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
and I couldn't receive my mail, as I thought.
I had to add the rule about the state, as you can see, but why?

Why am I trying to do that?
Because I want to DROP everything in all three chains and allow only the connections which I need.
For instance, I want to allow packets in the INPUT and FORWARD chains with --sport www in order to
see web sites.

I am a real newbie at firewalling and I don't know if that idea is the right one from a security angle.

Cheers,
Pavlos

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I love having the feeling of being in control
while i have the sensation of speed

The surfer of life
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
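An added illustration, not part of Pavlos's post: a toy Python model of how netfilter's connection tracking labels packets NEW / ESTABLISHED / INVALID, and what a DROP-policy INPUT chain does with the source-port ACCEPT rules from the post versus the ESTABLISHED,RELATED rule. The addresses 192.168.1.1 and 203.0.113.7, the client port and the packet trace are constructed for the example; RELATED (ICMP errors, FTP data channels) is left out of the model.

```python
from collections import namedtuple
# direction: "out" = leaving via ppp0, "in" = arriving on ppp0; syn/ack: TCP flags
Pkt = namedtuple("Pkt", "direction proto src sport dst dport syn ack", defaults=(False, False))

class Conntrack:
    """Toy model of the kernel connection table (TCP/UDP only, no RELATED)."""
    def __init__(self):
        self.table = set()
    @staticmethod
    def key(p):
        # One key for both directions, so a reply matches the entry its request opened.
        return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

    def classify(self, p):
        k = self.key(p)
        if k in self.table:
            return "ESTABLISHED"
        if p.proto == "udp" or (p.syn and not p.ack):
            self.table.add(k)  # first packet of a flow opens an entry
            return "NEW"
        return "INVALID"  # e.g. a SYN/ACK that belongs to no tracked flow

MAILSERVER = "195.170.0.5"  # the ISP mail server from the post

def input_stateless(p):
    """INPUT, policy DROP, with '-s mailserver --sport 110' and '--sport www' ACCEPT rules."""
    ok = (p.src == MAILSERVER and p.sport == 110) or p.sport == 80
    return "ACCEPT" if ok else "DROP"

def input_stateful(state):
    """INPUT, policy DROP, with '-m state --state ESTABLISHED,RELATED -j ACCEPT'."""
    return "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"

# Constructed trace: a POP3 session opened by this host, then an unsolicited
# inbound SYN to port 22 whose sender merely chose source port 80.
TRACE = [
    Pkt("out", "tcp", "192.168.1.1", 40001, MAILSERVER, 110, syn=True),
    Pkt("in", "tcp", MAILSERVER, 110, "192.168.1.1", 40001, syn=True, ack=True),
    Pkt("in", "tcp", "203.0.113.7", 80, "192.168.1.1", 22, syn=True),
]

def run(trace=TRACE):
    """(state, stateless verdict, stateful verdict) for each inbound packet."""
    ct, verdicts = Conntrack(), []
    for p in trace:
        state = ct.classify(p)  # conntrack sees every packet in both directions
        if p.direction == "in":
            verdicts.append((state, input_stateless(p), input_stateful(state)))
    return verdicts
```

The last row of run() is the point: a source-port match accepts whatever a remote host chooses to send from port 80, while the state rule only accepts replies to connections this host opened itself.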