
Re: iptables syntax



On Mon, Feb 26, 2001 at 10:31:35AM -0600, charles@lunarmedia.net wrote:
> i am not 100% up to speed with the syntax for iptables compared to
> ipchains. i tried using this gnome app called firestarter to generate a
> vanilla config so that i can save myself some typing and just edit their
> file.
> 
> starting iptables based on their firewall.sh file is pretty smooth, but
> they seem to be dropping any incoming packets for outbound sessions trying
> to be established.
> 
> if anyone is familiar with iptables syntax, can you check me here? i'll be
> reading up on it today.
> i am sure this is the line that should allow packets inbound for outbound
> initiated sessions.
> it looks like the problem is in the state check. removing this line, and
> just checking on s/d ports allows traffic to flow.
> 
> 
> $IPT  -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET
> --dport 1023:65535 -j ACCEPT

That syntax looks fine to me (assuming the vars are right).  Do you have
the relevant connection tracking support compiled in, or the right
(ip_conntrack / ip_conntrack_ftp / etc) modules loaded?  If you leave the
source and destination off, does it still fail?

--Danny, trying to remember to be more active on the list again...
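The two things Danny suggests checking, written out as an added example (this is not a script from the thread or from firestarter): a pre-flight test that connection tracking is actually available before any `-m state` rule is loaded, and a minimal stateful INPUT policy where the reply rule carries no source, destination or port restriction at all, so it can be compared against the quoted `-s 0/0 -d $NET --dport 1023:65535` version. `IPT` and `NET` are placeholders; `DRY_RUN` defaults to 1 so the script prints the rules instead of applying them, and the module names cover both the 2.4 (`ip_conntrack`) and later (`nf_conntrack`) kernels.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# IPT and NET are assumed placeholders; DRY_RUN=1 prints instead of applying.
IPT="${IPT:-iptables}"
NET="${NET:-192.0.2.0/24}"      # constructed LAN placeholder, replace with yours
DRY_RUN="${DRY_RUN:-1}"

# run: echo the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# conntrack_loaded: return 0 when connection tracking is present,
# either as a loaded module or built into the kernel (proc interface exists).
# Without it every "-m state" rule fails to load, so nothing matches.
conntrack_loaded() {
    grep -qE '^(ip_conntrack|nf_conntrack) ' /proc/modules 2>/dev/null && return 0
    [ -e /proc/net/ip_conntrack ] || [ -e /proc/net/nf_conntrack ]
}

# stateful_rules: minimal INPUT policy. The reply rule has no -s/-d/--dport:
# conntrack already knows which sessions we opened, so restricting the
# reply by address or port only adds ways for the rule not to match.
stateful_rules() {
    run $IPT -P INPUT DROP
    run $IPT -A INPUT -i lo -j ACCEPT
    run $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run $IPT -A INPUT -m state --state INVALID -j DROP
    run $IPT -A OUTPUT -s "$NET" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# quoted_rule: the rule from the question, kept for side-by-side comparison.
quoted_rule() {
    run $IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED \
        -s 0/0 -d "$NET" --dport 1023:65535 -j ACCEPT
}

if ! conntrack_loaded; then
    echo "warning: no ip_conntrack/nf_conntrack found; -m state rules will not load" >&2
fi
stateful_rules
```

Run it with `DRY_RUN=1` first and diff the printed rules against the firewall.sh output; once the reply rule without the address and port qualifiers works, the qualifiers can be added back one at a time to find which one was breaking the match.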