iptables question

jludwig wralphie at comcast.net
Tue Jul 27 03:09:37 UTC 2004


On Mon, 2004-07-26 at 22:06, Thomas Sapp wrote:
> On Mon, 2004-07-26 at 18:56, jludwig wrote:
snip
> > > Tom Sapp
> > > http://www.sappsworld.com
> > Try
> > iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -j ACCEPT
> > 
> > The rule is there but does nothing without a jump to filter (-j DROP,
> > ACCEPT, REJECT, etc)
> > -- 
> > jludwig <wralphie at comcast.net>
> cool, thanks.  That added the accept but what about the state NEW tcp
> dpt:ftp?  It still tells me that --state is invalid and that is the only
> option I see to add that info.  Sorry for the stupid questions. :-)
> -- 
> Thanks,
> Tom Sapp
> http://www.sappsworld.co

The -m says insert module state S.A.

iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 192.168.14.12/32 -m state --state NEW -j DROP


$IPTABLES -A FORWARD -s 192.168.12.12/32 -d 0/0 --match state --state NEW -j LOG $LLN --log-prefix "jMOD "

NEW or !NEW (not NEW)
ESTABLISHED or !ESTABLISHED
RELATED or !RELATED
or even !192.168.12.12/32
-- 
jludwig <wralphie at comcast.net>
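
The two points made in this thread (a rule without a -j target takes no action, and --state is only accepted once -m state or --match state has loaded the state match) can be checked before a rule is loaded. The script below is an added example, not part of the original message: `lint_rule` and the sample rules are constructed for illustration, and `--dport 21` is an assumption about how the "dpt:ftp" part of the rule would be written.

```shell
#!/bin/sh
# Added example: checks iptables rule arguments for the mistakes discussed
# in this thread. It only inspects the words and never calls iptables.

# lint_rule ARGS...: prints one line per problem; status 0 only if none found.
# The ( ) body runs in a subshell, so the variables stay local to each call.
lint_rule() (
    have_state=0; have_jump=0; have_proto=0; problems=0; prev=""
    for arg in "$@"; do
        # "-m state" and "--match state" both load the state match.
        if [ "$arg" = "state" ]; then
            case "$prev" in -m|--match) have_state=1 ;; esac
        fi
        case "$arg" in
            -j|--jump) have_jump=1 ;;
            -p|--protocol) have_proto=1 ;;
            --state)
                if [ "$have_state" -eq 0 ]; then
                    printf '%s\n' "  problem: --state given before -m state"
                    problems=1
                fi ;;
            --dport|--destination-port)
                if [ "$have_proto" -eq 0 ]; then
                    printf '%s\n' "  problem: --dport given before -p tcp or -p udp"
                    problems=1
                fi ;;
        esac
        prev="$arg"
    done
    if [ "$have_jump" -eq 0 ]; then
        printf '%s\n' "  problem: no -j target, so the rule takes no action"
        problems=1
    fi
    [ "$problems" -eq 0 ]
)

# Constructed sample rules: the arguments that would follow "iptables".
BAD_STATE="-R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 --state NEW --dport 21 -j ACCEPT"
NO_JUMP="-R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24"
GOOD="-R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -m state --state NEW --dport 21 -j ACCEPT"

for rule in "$BAD_STATE" "$NO_JUMP" "$GOOD"; do
    printf 'iptables %s\n' "$rule"
    # Unquoted on purpose: split the constructed string into separate words.
    if lint_rule $rule; then printf '%s\n' "  ok"; fi
done
```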





More information about the fedora-list mailing list