From: Minh Cao <minhcao123@yahoo.com>
To: Jan Engelhardt <jengelh@computergmbh.de>,
	Ukeme Noah <ukeme.noah@gmail.com>
Cc: 'Minh Cao' <minhcao123@yahoo.com>, netfilter@vger.kernel.org
Subject: RE: Iptables Rules
Date: Wed, 9 Apr 2008 10:01:00 -0700 (PDT)
Message-ID: <401296.6393.qm@web82604.mail.mud.yahoo.com>
In-Reply-To: <alpine.LNX.1.10.0804091153100.4411@fbirervta.pbzchgretzou.qr>

Thanks for your help!

Please explain why these two are acting differently.
On #2 I can log in as anonymous, but ls.
Can I combine the two rules into one?

1/
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 21 -j ACCEPT

2/
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -p tcp -m tcp --dport 21 -j ACCEPT

--- Jan Engelhardt <jengelh@computergmbh.de> wrote:

>
> >On Wednesday 2008-04-09 00:01, Minh Cao wrote:
> >>Hi,
> >>Does it matter if I placed the options/extensions (-m
> >>and -p) in different orders?
> >
> >No, but it matters between multiple -m.
>
> On Wednesday 2008-04-09 11:23, Ukeme Noah wrote:
> >Howdy,
> >The last two, the ones using the state machine, might give you problems if
> >you use only those without specifying to allow established ssh connections.
> >
> >So, I'd suggest you add ,ESTABLISHED right after NEW to make the line
>
> Adding random states to rules of which you do not have the context
> is unlikely to be fruitful.

