[Cialug] IPTables Concept
Dave Weis
djweis at internetsolver.com
Tue Oct 31 20:20:22 CST 2006
Chris K. wrote:
> I am probably just being dense this evening, but are you saying that I
> shouldn't need the input -m state at all, and that it should just work
> because the connection out is established?
You'll need the first one to match ESTABLISHED and RELATED, but after
that, yes, you are being dense :-)
> Dave Weis wrote:
>>
>> On Tue, 31 Oct 2006, Chris K. wrote:
>>> Something like this for the smtp access?
>>> /sbin/iptables -A OUTPUT -o $OURIF -p tcp -s $OURIP --dport 25 -d $OURSMTP -j ACCEPT
>>> /sbin/iptables -A INPUT -i $OURIF -p tcp -d $OURIP -m state --state ESTABLISHED -s $OURSMTP -j ACCEPT
>>>
>>> Thanks much! (and I've trimmed the email down a bit)
>>> Dave Weis wrote:
>>>
>>> Second line should be unnecessary with the state matching done. As
>>> written the SMTP server could send you unwanted traffic if it's taken
>>> over by setting the source port outbound to be 25.
>>
>> With the -m state that we trimmed out from the first one you should
>> get this automagically. If it doesn't work it might be a syntax problem.
>>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
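
The ruleset this thread converges on, as an added example that is not part of the original messages: one general ESTABLISHED,RELATED rule on INPUT carries the SMTP replies, so no INPUT rule names the SMTP server. The default-DROP policies, the loopback rules, the function names and the sample values for OURIF, OURIP and OURSMTP are assumptions.

```shell
#!/bin/sh
# Constructed sample values (RFC 5737 documentation addresses); override via environment.
OURIF="${OURIF:-eth0}"
OURIP="${OURIP:-192.0.2.10}"
OURSMTP="${OURSMTP:-192.0.2.25}"

# Emit the filter table in iptables-restore format.
# Assumption: default-DROP policies, so anything not matched below is dropped.
smtp_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $OURIF -p tcp -s $OURIP -d $OURSMTP --dport 25 -j ACCEPT
COMMIT
EOF
}

# Count INPUT rules that mention the SMTP server by address.
# With the state rule in place the expected count is 0: replies are accepted
# only because conntrack ties them to a connection this host opened.
smtp_input_rules() {
    smtp_ruleset | grep -c -- "^-A INPUT .*$OURSMTP" || true
}

# Parse the ruleset without committing it (needs root and iptables installed).
validate_ruleset() {
    smtp_ruleset | iptables-restore --test
}

case "${1:-}" in
    print)    smtp_ruleset ;;
    validate) validate_ruleset ;;
esac
```

Run with "print" to see the rules, or as root with "validate" to have iptables-restore check the syntax without loading anything.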