
Re: iptables generic INPUT rule



Joe Tseng wrote:
I recall seeing an example rule where the person allowed all established connections; it went something like this:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Is this a safe generic rule to have? Or is it better for me to state every case explicitly?

Good, safe, and should be first. Rules are processed in order, so you reduce the overhead by putting the most likely case first, in this case ESTABLISHED.

--
Bill Davidsen <davidsen tmr com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
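
Added example, not part of the original message: a small check that reports where the unconditional ESTABLISHED accept rule sits in the INPUT chain, since the reply's point is that rules are evaluated in order. It reads a listing in `iptables -S INPUT` format on stdin; the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Report the position of the rule that accepts ESTABLISHED traffic in INPUT.
# Input: a listing in `iptables -S INPUT` format on stdin.
# Output: "first", "position N", or "missing".
# established_rule_position is a hypothetical helper name.
established_rule_position() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            n++                                   # count INPUT rules in order
            if (pos == 0 && /-j ACCEPT/ &&
                /--(state|ctstate) [A-Z,]*ESTABLISHED/ &&
                !/! --(state|ctstate)/)           # skip negated state matches
                pos = n
        }
        END {
            if (pos == 0)      print "missing"
            else if (pos == 1) print "first"
            else               print "position " pos
        }
    '
}

# Constructed sample listings (not taken from a real host).
GOOD='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'

LATE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

NONE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'

for sample in "$GOOD" "$LATE" "$NONE"; do
    printf '%s\n' "$sample" | established_rule_position
done
```

On a live system the same function can be fed from `iptables -S INPUT`, which requires root.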

