iptables: accepting SYN --> connection ESTABLISHED
William Park
opengeometry-FFYn/CNdgSA at public.gmane.org
Thu Oct 9 06:12:06 UTC 2003
On Thu, Oct 09, 2003 at 01:53:02AM -0400, Robert Brockway wrote:
> On Wed, 8 Oct 2003, William Park wrote:
>
> > > I would avoid accepting an arbitrary packet with the TCP SYN bit set.
> >
> > Yes, I only do this for port 25. I first accept SYN packet, but drop
> > all subsequent packets. But, I also allow ESTABLISHED connections in
> > general. So, having accepted SYN packet, the SMTP connection is now
> > established. Hence, every mail comes through. :-(
>
> Hi William. You'd need to allow ACK through as well as SYN or the
> connection would never get to the established state (where the ESTABLISHED
> rule would take over).
Thanks Rob. That seems to ring a bell somewhat. ;-)
--
William Park, Open Geometry Consulting, <opengeometry-FFYn/CNdgSA at public.gmane.org>
Linux solution for data management and processing.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
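
The behaviour William describes, as an added example that is not part of the original thread: a simplified Python model of an INPUT chain with connection tracking. In netfilter, ESTABLISHED means the connection tracker has seen packets in both directions. The rule order, the listener on port 25, the allowed outbound replies and the addresses are all assumptions constructed for illustration.

```python
# Simplified model of an INPUT chain with connection tracking (added example).
# Assumptions: a mail server listens on port 25 and its replies are allowed out.

def est(dport, flags, state):          # like: -m state --state ESTABLISHED
    return state == "ESTABLISHED"

def smtp_syn(dport, flags, state):     # like: -p tcp --dport 25 --syn
    return dport == 25 and flags == "SYN"

def anything(dport, flags, state):     # final catch-all
    return True

# Rule set as described in the thread (order assumed), first match wins.
CHAIN_THREAD = [(est, "ACCEPT"), (smtp_syn, "ACCEPT"), (anything, "DROP")]
# Same chain without the general ESTABLISHED rule.
CHAIN_SYN_ONLY = [(smtp_syn, "ACCEPT"), (anything, "DROP")]

# Constructed inbound packets: (source, source port, dest port, TCP flags).
INBOUND = [
    ("192.0.2.10", 40000, 25, "SYN"),
    ("192.0.2.10", 40000, 25, "ACK"),
    ("192.0.2.10", 40000, 25, "PSH,ACK"),   # carries the SMTP dialogue
    ("192.0.2.10", 40000, 25, "FIN,ACK"),
    ("192.0.2.99", 40001, 25, "ACK"),       # stray ACK, no tracked flow
]

def run(chain, inbound):
    """Return (flags, conntrack state, verdict) for each inbound packet."""
    replied = set()   # flows for which the host's reply has been seen
    results = []
    for src, sport, dport, flags in inbound:
        flow = (src, sport, dport)
        state = "ESTABLISHED" if flow in replied else "NEW"
        verdict = next(v for match, v in chain if match(dport, flags, state))
        if verdict == "ACCEPT" and flags == "SYN":
            # The listener answers SYN-ACK, so the tracker has now seen
            # packets in both directions and the flow becomes ESTABLISHED.
            replied.add(flow)
        results.append((flags, state, verdict))
    return results

def mail_gets_through(chain):
    """True if the data-carrying segment of the session is accepted."""
    return ("PSH,ACK", "ESTABLISHED", "ACCEPT") in run(chain, INBOUND)

if __name__ == "__main__":
    for name, chain in (("thread", CHAIN_THREAD), ("syn-only", CHAIN_SYN_ONLY)):
        print(name, run(chain, INBOUND), mail_gets_through(chain))
```
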