state RELATED,ESTABLISHED
Pavlos Parissis
p_pavlos@otenet.gr
Thu, 19 Jul 2001 22:32:20 +0300
When the time was Wed, 18 Jul 2001 23:47:20 +0100, Andrew Meredith wrote....
Andrew->> If I did only iptables -A FORWARD -p tcp ! --syn -s 195.170.0.2 --sport 53 -j ACCEPT
Andrew->> First, is it the same as the rule -m state --state RELATED,ESTABLISHED?
Andrew->> And second, I will not accept any connection, right?
Andrew->
Andrew->Not right
Andrew->
Andrew->The --syn matches SYN packets. These are the connection request packets.
Andrew->So they can't be established yet.
Andrew->
Andrew->> I want to make clear for myself whether --syn and -m state --state RELATED,ESTABLISHED for tcp do
Andrew->> the same work?
Andrew->
Andrew->They don't
Andrew->
Andrew->"-m state --state NEW" & "--syn" do similar things for "-p tcp"
Andrew->
Andrew->state NEW is more generic as it works for udp and others, not just tcp.
Andrew->
Andrew->> With --syn I can understand that I can drop packets for a new connection, and with -m state --state
Andrew->> RELATED,ESTABLISHED
Andrew->> I can also drop packets from a new connection which I didn't call.
Andrew->
Andrew->I think you would be well placed to reread the FAQs and tutorials on
Andrew->iptables. I think you might have misunderstood some of the features of
Andrew->the system.
Maybe I didn't post my questions right.
I want to allow the firewall and the others behind the firewall to do ftp, www, pop, smtp and dns
communication, but I don't want anyone to
connect to the firewall and the others behind it.
So, which is the best way to do that?
Pavlos
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I love having the feeling of being in control
while i have the sensation of speed
The surfer of life
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
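The ruleset the question above is asking for, written out as an added example (it is not part of the original thread and not netfilter project code): a default-deny INPUT and FORWARD policy, one RELATED,ESTABLISHED rule per chain for return traffic, and NEW-state rules that only let the inside open ftp, www, pop, smtp and dns connections towards the outside. The interface names (eth0/eth1), the LAN subnet 192.168.1.0/24 and the IPT variable are assumptions; by default IPT is "echo iptables", so the script only prints the rules and can be reviewed without root. Set IPT=iptables to actually load them.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Assumed layout: Internet on eth0, LAN 192.168.1.0/24 on eth1 (constructed values).
# IPT defaults to a dry run that prints each rule instead of loading it.
IPT="${IPT:-echo iptables}"

LAN_NET="192.168.1.0/24"   # constructed placeholder
LAN_IF="eth1"              # constructed placeholder
WAN_IF="eth0"              # constructed placeholder

# TCP services the inside may open: ftp control, http, pop3, smtp, dns over tcp
TCP_PORTS="21 80 110 25 53"

build_rules() {
    # Default deny for anything arriving at, or passing through, the firewall.
    # The firewall host itself may originate connections (OUTPUT stays open).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT

    # Return traffic for connections the firewall or the LAN started. conntrack
    # tracks the whole flow, so no per-port reply rules are needed. This is what
    # "-m state --state RELATED,ESTABLISHED" does; "-p tcp ! --syn" is not the
    # same thing: it only checks TCP flags, says nothing about udp (dns), and
    # cannot recognise ftp data connections as RELATED.
    $IPT -A INPUT   -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # New connections are only accepted from the LAN towards the Internet,
    # and only to the listed services ("--state NEW" is the generic form of
    # "--syn": it also covers udp).
    for p in $TCP_PORTS; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$p" \
             -m state --state NEW -j ACCEPT
    done
    # dns is normally carried over udp
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 \
         -m state --state NEW -j ACCEPT

    # Every other connection attempt to or through the firewall falls through
    # to the DROP policy; log a rate-limited sample so the drops are visible.
    $IPT -A INPUT   -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "fw-in-drop: "
    $IPT -A FORWARD -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "fw-fwd-drop: "
}

# Note: ftp data connections are only classified RELATED when the ftp
# connection-tracking helper is loaded (ip_conntrack_ftp on 2.4 kernels,
# nf_conntrack_ftp on later ones); without it active-mode ftp will break.
build_rules
```

With the dry-run default the script prints fourteen iptables commands; running it with IPT=iptables as root loads them in order, and because the policies are set first, nothing is accepted until the RELATED,ESTABLISHED and NEW rules are in place.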