Hi, I'm trying to configure some basic iptables rules, and came across the "state" module. Could someone please explain to me what the main difference is between using the "--state ESTABLISHED" and "! --syn" options in iptables?
I thought I would define rules for incoming ssh connections as:

    iptables -A INPUT -p tcp --sport 1024:65535 -d $MY_IP --dport 22 -j ACCEPT
    iptables -A OUTPUT -p tcp -s $MY_IP --sport 22 --dport 1024:65535 ! --syn -j ACCEPT

If I substitute the second rule with:

    iptables -A OUTPUT -p tcp -s $MY_IP --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

would it be the same? Or should I combine --state ESTABLISHED with ! --syn?

Jarry

--
gentoo-user@gentoo.org mailing list
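
Added example, not part of the original message: a simplified Python model of the two OUTPUT rule variants, showing which constructed outbound packets each one accepts. The addresses, ports, the Conntrack class and all function names are assumptions made for illustration; real conntrack also tracks TCP state, timeouts and sequence windows.

```python
# Model of "! --syn" (stateless flag test) versus "-m state --state ESTABLISHED"
# (connection tracking lookup). Simplified: the table is keyed by 4-tuple only.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def matches_syn(flags):
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN."""
    return flags & (SYN | RST | ACK | FIN) == SYN

class Conntrack:
    def __init__(self):
        self.seen = set()      # tuples in the original direction
        self.replied = set()   # original tuples that have seen a reply

    def state(self, src, sport, dst, dport, flags):
        """Classify one packet and update the table."""
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in self.seen:               # reply direction of a tracked flow
            self.replied.add(rev)
            return "ESTABLISHED"
        if fwd in self.seen:
            return "ESTABLISHED" if fwd in self.replied else "NEW"
        if matches_syn(flags):             # a clean SYN opens a new entry
            self.seen.add(fwd)
            return "NEW"
        # Untracked non-SYN packet: real conntrack reports INVALID, or NEW when
        # loose pickup is enabled; it is never ESTABLISHED.
        return "INVALID"

def compare():
    """Return (label, accepted by '! --syn', accepted by ESTABLISHED) rows."""
    ct = Conntrack()
    srv, cli, stray = "192.0.2.10", "198.51.100.7", "203.0.113.9"  # constructed
    ct.state(cli, 40000, srv, 22, SYN)     # inbound SYN already seen on INPUT
    outbound = [                           # constructed packets leaving port 22
        ("SYN/ACK reply", cli, 40000, SYN | ACK),
        ("ACK on tracked flow", cli, 40000, ACK),
        ("ACK, no tracked flow", stray, 40001, ACK),
        ("RST, no tracked flow", stray, 40002, RST),
    ]
    rows = []
    for label, dst, dport, flags in outbound:
        not_syn = not matches_syn(flags)
        est = ct.state(srv, 22, dst, dport, flags) == "ESTABLISHED"
        rows.append((label, not_syn, est))
    return rows

if __name__ == "__main__":
    for row in compare():
        print("%-22s ! --syn=%-5s ESTABLISHED=%s" % row)
```

In this model both variants pass the replies of a tracked connection, but only the "! --syn" rule passes packets from port 22 that belong to no tracked connection.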