Re: iptables syntax
On Mon, Feb 26, 2001 at 10:31:35AM -0600, email@example.com wrote:
> i am not 100% up to speed with the syntax for iptables compared to
> ipchains. i tried using this gnome app called firestarter to generate a
> vanilla config so that i can save myself some typing and just edit their
> starting iptables based on their firewall.sh file is pretty smooth, but
> they seem to be dropping any incoming packets for outbound sessions trying
> to be established.
> if anyone is familiar with iptables syntax, can you check me here? i'll be
> reading up on it today.
> i am sure this is the line that should allow packets inbound for outbound
> initiated sessions.
> it looks like the problem is in the state check. removing this line, and
> just checking on s/d ports allows traffic to flow.
> $IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET
> --dport 1023:65535 -j ACCEPT
That syntax looks fine to me (assuming the vars are right). Do you have
the relevant connection tracking support compiled in, or the right
(ip_conntrack / ip_conntrack_ftp / etc) modules loaded? If you leave the
source and destination off, does it still fail?
--Danny, trying to remember to be more active on the list again...
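
The two checks the reply asks about, as an added example that is not part of the original thread: whether connection tracking is available (as a module or compiled in), and what the rule looks like with the source and destination left off. The function names, the sample module list and the 192.0.2.0/24 stand-in for $NET are assumptions; the /proc/net/ip_conntrack check assumes a 2.4-era kernel like the one discussed.

```shell
#!/bin/sh
# Added example (not from the thread). Module names follow the 2.4-era ones the
# reply mentions; newer kernels call them nf_conntrack / nf_conntrack_ftp.

# module_loaded NAME MODULES_FILE: true if NAME is listed in a /proc/modules-format file.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# conntrack_status MODULES_FILE PROC_NET_DIR: prints module, builtin or missing.
conntrack_status() {
    if module_loaded ip_conntrack "$1"; then
        echo module
    elif [ -e "$2/ip_conntrack" ]; then
        # Compiled-in support has no module entry but still exposes its table.
        echo builtin
    else
        echo missing
    fi
}

# strip_addr_match RULE: drops -s/-d (and long forms) with their arguments,
# giving the "leave the source and destination off" variant of a rule.
strip_addr_match() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-s" || $i == "-d" || $i == "--source" || $i == "--destination") { i++; continue }
            out = out (out == "" ? "" : " ") $i
        }
        print out
    }'
}

# Constructed sample data: a module list with no conntrack entry.
demo_dir=$(mktemp -d)
printf 'ip_tables 10432 1 [iptable_filter]\niptable_filter 1728 0\n' > "$demo_dir/modules"
mkdir "$demo_dir/net"
echo "conntrack: $(conntrack_status "$demo_dir/modules" "$demo_dir/net")"
# Rule from the thread, with 192.0.2.0/24 standing in for $NET (assumption).
rule='-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d 192.0.2.0/24 --dport 1023:65535 -j ACCEPT'
echo "test rule: iptables $(strip_addr_match "$rule")"
rm -rf "$demo_dir"
```

On a live system, pass /proc/modules and /proc/net as the two arguments to conntrack_status.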