iptables: accepting SYN --> connection ESTABLISHED

Robert Brockway robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Wed Oct 8 20:21:18 UTC 2003


On Wed, 8 Oct 2003, William Park wrote:

> If I accept TCP initiation by accepting packet with SYN bit, i.e.
>     iptables ... --syn -j ACCEPT
> does that mean that the connection is now considered established?
>
> This would mean that I can match subsequent packets with something like
>     iptables ... --state ESTABLISHED -j ACCEPT
> right?

If you use ip_conntrack the state is taken care of for you (and you can
use the "--state" line above).  I would avoid accepting an arbitrary packet
with the TCP SYN bit set.

Rob

-- 
Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org, zzbrock at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
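As an added illustration of the point Rob makes (this is not code from the thread or from either poster), the script below prints the rule the question proposes, a bare `--syn -j ACCEPT`, next to a conntrack-based INPUT chain that accepts only NEW connections to the ports the host is meant to serve and lets `--state ESTABLISHED,RELATED` handle the rest. It keeps the `-m state` syntax used on the page; the port list, the default DROP policy, the loopback rule and the `--apply` flag are my assumptions, and nothing is applied unless `--apply` is given, since applying needs root.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes legacy iptables with
# the "state" match (as in the page); port list and policy are assumptions.

# Weak form from the question: any TCP packet with only SYN set is accepted,
# whatever its destination port, so every listening service is exposed and
# conntrack is never consulted before the connection is let in.
weak_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --syn -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Hardened form: conntrack decides what is ESTABLISHED/RELATED; only NEW
# connections to explicitly listed ports are accepted; everything else drops.
# $1 is a space-separated list of TCP ports, e.g. "22 80" (assumed default 22).
hardened_rules() {
    allowed_ports="${1:-22}"
    printf 'iptables -P INPUT DROP\n'
    printf 'iptables -A INPUT -i lo -j ACCEPT\n'
    printf 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -m state --state INVALID -j DROP\n'
    for p in $allowed_ports; do
        printf 'iptables -A INPUT -p tcp --dport %s --syn -m state --state NEW -j ACCEPT\n' "$p"
    done
}

# Count how many ports the hardened chain opens (useful for review scripts).
open_port_count() {
    hardened_rules "$1" | grep -c -- '--state NEW'
}

if [ "${1:-}" = "--apply" ]; then
    # Apply for real (requires root); pass the port list as the second argument.
    hardened_rules "${2:-22}" | sh
else
    # Default: print both rule sets so they can be reviewed side by side.
    echo "# weak (accepts any SYN):"
    weak_rules
    echo "# hardened (conntrack-driven):"
    hardened_rules "${2:-22}"
fi
```

Run it without arguments to see the two rule sets; `sh script.sh --apply "22 80"` installs the hardened chain for SSH and HTTP only.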