[Cialug] IPTables Concept
Chris K.
lister at kulish.com
Tue Oct 31 20:01:52 CST 2006
I am probably just being dense this evening, but are you saying that I
shouldn't need the input -m state at all, and that it should just work
because the connection out is established?
Thanks
Dave Weis wrote:
>
> On Tue, 31 Oct 2006, Chris K. wrote:
>> Something like this for the smtp access?
>> /sbin/iptables -A OUTPUT -o $OURIF -p tcp -s $OURIP --dport 25 -d
>> $OURSMTP -j ACCEPT
>> /sbin/iptables -A INPUT -i $OURIF -p tcp -d $OURIP -m state --state
>> ESTABLISHED -s $OURSMTP -j ACCEPT
>>
>> Thanks much! (and I've trimmed the email down a bit)
>> Dave Weis wrote:
>>
>> Second line should be unnecessary with the state matching done. As
>> written the SMTP server could send you unwanted traffic if it's taken
>> over by setting the source port outbound to be 25.
>
> With the -m state that we trimmed out from the first one you should
> get this automagically. If it doesn't work it might be a syntax problem.
>
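
An added example, not part of the original thread: a dry-run sketch of the stateful approach discussed above, where a single generic ESTABLISHED rule on INPUT covers the SMTP replies so no per-server INPUT rule is needed. The interface and addresses are constructed sample values, the IPT dry-run wrapper and the function name are hypothetical, and the rules assume the remaining inbound traffic is dropped by chain policy.

```shell
#!/bin/sh
# Dry run by default: each rule is printed, not applied.
# To apply for real (as root): IPT=/sbin/iptables sh thisfile.sh
IPT="${IPT:-echo /sbin/iptables}"

# Constructed sample values (documentation address ranges), not from the thread.
OURIF="${OURIF:-eth0}"
OURIP="${OURIP:-192.0.2.10}"
OURSMTP="${OURSMTP:-198.51.100.25}"

smtp_client_rules() {
    # Generic stateful rule: connection tracking admits only packets that
    # belong to (or are related to) connections this host already opened.
    # Replies from the SMTP server match here without naming the server.
    $IPT -A INPUT -i "$OURIF" -d "$OURIP" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outbound SMTP to the relay. The first packet (NEW) creates the
    # tracking entry that the INPUT rule above later matches.
    $IPT -A OUTPUT -o "$OURIF" -p tcp -s "$OURIP" -d "$OURSMTP" --dport 25 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # For contrast, a stateless reply rule keyed on the source port, e.g.
    #   -A INPUT -p tcp -s $OURSMTP --sport 25 -d $OURIP -j ACCEPT
    # accepts any packet the server sends from port 25, whether or not this
    # host opened the connection, so it is deliberately left out.
}

smtp_client_rules
```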