On Wed, 20 Nov 2002 09:48:59 +0800, Edward Dekkers wrote:
> I've always had the following rules (default flushing, policy and
> stuff omitted):
>
> iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
>
> Basically, I got this from a bit of reading, some examples found on
> the internet, and understood it as let everything out, but only
> related and established connections back in. This has always worked
> but I never checked the list output. I did today:
>
> iptables --list and got (again other stuff omitted)
>
> Chain FORWARD (Policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
>
> uhm, is that OK? It doesn't look it to me. Shouldn't the source and
> destination be filled in as ppp0 and eth0? Or doesn't --list list that
> properly? I'm worried that the anywhere anywhere means that the
> related and established rule never gets triggered.

Add option --verbose or even better, use iptables-save.
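An added example, not part of the original message: plain `iptables --list` omits the in/out interface columns, so rules scoped with `-i`/`-o` show up as anywhere/anywhere, while `iptables-save` prints the full match. The function below reads iptables-save style text and reports FORWARD ACCEPT rules that have no interface match at all; the sample ruleset is constructed (the first two rules mirror the ones quoted above, the third is a hypothetical mistake) and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit iptables-save output for FORWARD ACCEPT rules
# that carry no -i/-o interface match. Such rules really do apply to
# "anywhere -> anywhere", unlike rules that only look that way in
# `iptables --list` because the interface columns are hidden without -v.

# Constructed sample in iptables-save format. The first two rules mirror
# the ones quoted in the message; the third is a hypothetical mistake.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints each FORWARD ACCEPT rule
# that has neither an input nor an output interface match.
unscoped_forward_accepts() {
awk '
  $1 == "-A" && $2 == "FORWARD" {
    iface = 0; accept = 0
    for (i = 3; i <= NF; i++) {
      if ($i == "-i" || $i == "-o" ||
          $i == "--in-interface" || $i == "--out-interface") iface = 1
      if (($i == "-j" || $i == "--jump") && $(i + 1) == "ACCEPT") accept = 1
    }
    if (accept && !iface) print
  }'
}

# On a live firewall (as root): iptables-save | unscoped_forward_accepts
sample_ruleset | unscoped_forward_accepts
```

Only the third sample rule is reported; the two rules from the message are correctly scoped to ppp0 and eth0 even though `--list` renders them as anywhere/anywhere.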