I've always had the following rules (default flushing, policy and stuff omitted):

    iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

Basically, I got this from a bit of reading, some examples found on the internet, and understood it as "let everything out, but only related and established connections back in".

This has always worked but I never checked the list output. I did today:

    iptables --list

and got (again, other stuff omitted):

    Chain FORWARD (Policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere

Uhm, is that OK? It doesn't look it to me. Shouldn't the source and destination be filled in as ppp0 and eth0? Or doesn't --list list that properly?

I'm worried that the anywhere anywhere means that the related and established rule never gets triggered.

P.S. I also tried

    iptables -nL

and got (irrelevant stuff omitted):

    Chain FORWARD (Policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Regards,

---
Edward Dekkers (Director)
Triple D Computer Services P/L
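
An added example, not part of the original post: plain `iptables --list` prints only source and destination addresses, while `iptables -L -v` adds in/out interface columns and `iptables -S` prints each rule as its full specification. The sketch below reads `iptables -S` style lines and reports the interface binding of each ACCEPT rule; the function names and the third sample rule are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reads rules in `iptables -S`
# format on stdin and prints, for each ACCEPT rule:
#   chain  in-interface  out-interface  state-match
# "*" means the rule matches any interface, "-" means no state match.
rule_ifaces() {
    awk '
    $1 == "-A" {
        chain = $2; in_if = "*"; out_if = "*"; state = "-"; target = ""
        for (i = 3; i <= NF; i++) {
            # iptables -S writes a negated match as "! -i ppp0"
            neg = ($(i - 1) == "!") ? "!" : ""
            if ($i == "-i") in_if = neg $(i + 1)
            else if ($i == "-o") out_if = neg $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT") print chain, in_if, out_if, state
    }'
}

# Prints only the ACCEPT rules that are bound to no interface at all,
# i.e. the rules that really do accept "anywhere to anywhere".
unbound_accepts() {
    rule_ifaces | awk '$2 == "*" && $3 == "*"'
}

# Constructed sample: the two rules from the post in `iptables -S` format,
# plus a hypothetical third rule with no interface match, for contrast.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | rule_ifaces
```

On a live system the same functions can be fed from `iptables -S FORWARD` run as root.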