SunQuest
           Linux Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsOperating SystemsLinux Help
Reload this Page

iptables state matching

Discuss iptables state matching in the Linux Help forum on Dev Shed.
iptables state matching Linux Help forum discussing topics including usage, troubleshooting, modules, and distributions. Linux is an open source OS, based on UNIX.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Generate data entry and reporting .NET Web apps in minutes, straight from your database. Read our FREE whitepaper “Build Web 2.0 Applications Without Hand-Coding” Download now!
  #1  
Old September 13th, 2002, 05:22 AM
christo's Avatar
christo christo is offline
Introspective
Dev Shed Loyal (3000 - 3499 posts)
  
Join Date: Nov 2001
Location: London, UK
Posts: 3,296 christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level) 
Time spent in forums: 3 Days 1 h 5 m 42 sec
Reputation Power: 101
Send a message via ICQ to christo Send a message via Yahoo to christo
iptables state matching
Hi,

just looking at the line below, which I have seen in some firewalling configurations, and I'm wondering about the state directive.

iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP

This line appears to drop all packets from NEW connections, which suggests that only ESTABLISHED and their RELATED connections will be pass on. Now, if I have above this a line that says:

iptables -A INPUT -i eth0 -s 212.18.226.160 -j ACCEPT # Chris at home,

then I would expect my connections from home to the firewalled network to be accepted.

My question is this: I am assuming that any connection I make from home would be a NEW connection, so how would I be able to keep the current firewalling restrictions, whilst allowing connections from my home IP 212.18.226.160?

thanks guys,
christo
Reply With Quote
  #2  
Old September 13th, 2002, 11:39 AM
christo's Avatar
christo christo is offline
Introspective
Dev Shed Loyal (3000 - 3499 posts)
  
Join Date: Nov 2001
Location: London, UK
Posts: 3,296 christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level)christo User rank is Second Lieutenant (5000 - 10000 Reputation Level) 
Time spent in forums: 3 Days 1 h 5 m 42 sec
Reputation Power: 101
Send a message via ICQ to christo Send a message via Yahoo to christo
okay I've worked it out... rules are checked sequentially

Christo
Reply With Quote
Reply

Viewing: Dev Shed ForumsOperating SystemsLinux Help > iptables state matching

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway