Thu, 19 Jul 2001 22:32:20 +0300
When the time was Wed, 18 Jul 2001 23:47:20 +0100, Andrew Meredith wrote....
Andrew->> If i did only iptables -A FORWARD -p tcp ! --syn -s 220.127.116.11 --sport 53 -j ACCEPT
Andrew->> First is the same with the rule -m state --state RELATED,ESTABLISHED?
Andrew->> And second i will not accept any connection, right?
Andrew->The --syn matches SYN packets. These are the connection request packets.
Andrew->So they can't be established yet.
Andrew->> i want to make clear for me that the --syn and -m state --state RELATED,ESTABLISHED
about tcp do
Andrew->> the same work?
Andrew->"-m state --state NEW" & "--syn" do similar things for "-p tcp"
Andrew->state NEW is more generic as it works for udp and others, not just tcp.
Andrew->> with --syn i can understand that i can drop packet for new connection and with -m state
Andrew->> i can also drop packet from a new connection which i didn't call.
Andrew->I think you would be well placed to reread the FAQs and tutorials on
Andrew->iptables. I think you might have misunderstood some of the features of
May be i did n't post my questions right.
I want to allow firewall and others behind the firewall to do ftp,www,pop,smtp and dns
communication but i don't want anyone to
connect the firewall and the others behind it.
So, which is the best way to do that?
I love having the feeling of being in control
while i have the sensation of speed
The surfer of life