connection tracking without iptables?
Alexis
alexis at tpys.com.ar
Wed Sep 29 22:57:29 CEST 2004
Yes it is, it is inside the code. I think this example could explain it to you:
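# enable IPv4 forwarding between the two interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# drop every forwarded packet that no rule below accepts
iptables -P FORWARD DROP
# inside -> outside: new connections, plus later packets of tracked ones
iptables -A FORWARD -i $inside_interface -o $outside_interface -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# arriving from outside: only packets that belong to tracked connections
iptables -A FORWARD -i $outside_interface -m state --state RELATED,ESTABLISHED -j ACCEPT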
That's it, this is what you need in order to get a stateful firewall with 2
interfaces.
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On behalf of
> Jiann-Ming Su
> Sent: Wednesday, September 29, 2004 17:51
> To: netfilter at lists.netfilter.org
> Subject: connection tracking without iptables?
>
> This is probably a dumb question, but is it possible to track
> connections without iptables/netfilter?
> --
> Jiann-Ming Su
> "I have to decide between two equally frightening options.
> If I wanted to do that,
> I'd vote." --Duckman
>
>
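Added example (not part of the original post, and not netfilter code): a simplified Python model of the FORWARD chain above, run over one constructed TCP exchange with the inside-to-outside rule matching only NEW versus NEW,RELATED,ESTABLISHED. Assumptions: interfaces named "inside" and "outside", documentation-range addresses, and conntrack reduced to NEW/ESTABLISHED with no RELATED, INVALID or timeouts.

```python
# Simplified model of "-m state" matching on the FORWARD chain (illustrative only).

def classify(table, p):
    """Return the conntrack state a packet would get from the tracked flows."""
    flow = (p["src"], p["sport"], p["dst"], p["dport"])
    reply = flow[2:] + flow[:2]
    if reply in table or table.get(flow) == "replied":
        return "ESTABLISHED"
    return "NEW"          # no entry yet, or original direction not yet answered

def commit(table, p):
    """Entries are only kept for packets the chain accepted."""
    flow = (p["src"], p["sport"], p["dst"], p["dport"])
    reply = flow[2:] + flow[:2]
    if reply in table:
        table[reply] = "replied"
    else:
        table.setdefault(flow, "unreplied")

def forward(rules, table, p):
    state = classify(table, p)
    for r in rules:
        if r.get("in") not in (None, p["in"]) or r.get("out") not in (None, p["out"]):
            continue
        if state in r["states"]:
            commit(table, p)
            return "ACCEPT"
    return "DROP"         # iptables -P FORWARD DROP

def pkt(i, o, src, sport, dst, dport):
    return {"in": i, "out": o, "src": src, "sport": sport, "dst": dst, "dport": dport}

REPLY_RULE = {"in": "outside", "states": {"RELATED", "ESTABLISHED"}}
NEW_ONLY = [{"in": "inside", "out": "outside", "states": {"NEW"}}, REPLY_RULE]
NEW_AND_ESTABLISHED = [{"in": "inside", "out": "outside",
                        "states": {"NEW", "RELATED", "ESTABLISHED"}}, REPLY_RULE]

# Constructed sample traffic: one handshake plus one unsolicited inbound packet.
C, S = ("192.168.1.10", 40000), ("203.0.113.5", 80)
TRACE = [("SYN", pkt("inside", "outside", *C, *S)),
         ("SYN-ACK", pkt("outside", "inside", *S, *C)),
         ("ACK", pkt("inside", "outside", *C, *S)),
         ("unsolicited", pkt("outside", "inside", "198.51.100.7", 5555, *C))]

def run(rules):
    table = {}
    return [(name, forward(rules, table, p)) for name, p in TRACE]

if __name__ == "__main__":
    for label, rules in (("NEW only", NEW_ONLY), ("NEW+EST", NEW_AND_ESTABLISHED)):
        print(label, run(rules))
```

In the model, the client's ACK is already ESTABLISHED when it reaches the chain, so an inside-to-outside rule limited to NEW lets the default DROP policy discard it; the unsolicited inbound packet is dropped in both cases.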