[aklug] Re: Iptables Philosophy

From: <bryanm@acsalaska.net>
Date: Mon Jul 19 2010 - 23:13:31 AKDT

On Mon, July 19, 2010 8:40 pm, Christopher Howard wrote:
> I mean, if I'm going to allow all that anyway, why don't I just have one
> rule like so
>
> -A INPUT -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
>
> and say that all ESTABLISHED connections are okay?

Indeed, why not? If a connection has been established, then that
means your firewall has already allowed a connection, right?

(This is coming from an amateur firewaller, so take it cum grano salis.)

--
Bryan Medsker
bryanm@acsalaska.net
Received on Mon Jul 19 23:13:38 2010
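
The reasoning in the reply above can be checked against a small model of connection tracking. This Python sketch is an added example, not part of the original thread. It is a simplified model of netfilter's NEW/ESTABLISHED states, and the `Firewall` class, its method names, the open port and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: simplified model of an INPUT chain with policy DROP,
# one "--state ESTABLISHED -j ACCEPT" rule and per-port "--state NEW" rules.
# TCP only; RELATED/INVALID states and timeouts are left out.

class Firewall:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)  # ports with a NEW -> ACCEPT rule
        self.flows = {}                    # (remote, rport, lport) -> flow record

    def outbound(self, remote, rport, lport):
        """Packet leaving the host (OUTPUT chain assumed to ACCEPT)."""
        flow = self.flows.get((remote, rport, lport))
        if flow is None:
            # Locally initiated connection: tracked, awaiting a reply.
            self.flows[(remote, rport, lport)] = {"origin": "local", "replied": False}
        elif flow["origin"] == "remote":
            flow["replied"] = True         # host answered an accepted inbound flow

    def inbound(self, remote, rport, lport):
        """Return (verdict, conntrack state) for a packet arriving on INPUT."""
        key = (remote, rport, lport)
        flow = self.flows.get(key)
        if flow and flow["origin"] == "local":
            flow["replied"] = True         # this packet is the reply to our own traffic
        state = "ESTABLISHED" if flow and flow["replied"] else "NEW"
        if state == "ESTABLISHED":
            return ("ACCEPT", state)       # the single rule from the thread
        if lport in self.open_ports:
            # A NEW rule admitted it; only now does the flow get tracked.
            self.flows.setdefault(key, {"origin": "remote", "replied": False})
            return ("ACCEPT", state)
        return ("DROP", state)             # policy DROP leaves no conntrack entry


def demo():
    fw = Firewall(open_ports={22})
    client, scanner, server = "198.51.100.7", "198.51.100.8", "203.0.113.9"  # constructed
    results = [fw.inbound(client, 40000, 22)]       # SYN to an open port
    fw.outbound(client, 40000, 22)                  # host's SYN-ACK
    results.append(fw.inbound(client, 40000, 22))   # rest of the SSH session
    results.append(fw.inbound(scanner, 40001, 23))  # SYN to a closed port
    results.append(fw.inbound(scanner, 40001, 23))  # retry: never becomes ESTABLISHED
    fw.outbound(server, 443, 51000)                 # host opens an HTTPS connection
    results.append(fw.inbound(server, 443, 51000))  # reply to our own connection
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

In this model a flow reaches ESTABLISHED only after a NEW rule admitted its first packet or the host itself opened the connection, so the decision about which services are reachable stays with the NEW rules and the default policy.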
