Iptables Ruleset aporia

[V13]

On Tuesday 03 August 2004 13:57, Vasilis Vasaitis wrote:
> On Tue, Aug 03, 2004 at 04:02:29AM +0300, V13 wrote:
> > On Monday 02 August 2004 17:39, beatnik wrote:
> > > Pos akrivos mporo na oriso to firewall (iptables) ruleset etsi oste na
> > > mou epistrefei paketa mono omos apo connections tis opoies ego o idios
> > > ekana initiate first?
> > >
> > > Euxaristo.
> >
> > Yparxei ena patch gia iptables to opoio apothikevei to markid stis
> > kataxoriseis toy conntrack. To mono poy xreiazesai afoy to baleis einai
> > na:
> >
> > a) Markareis tis syndeseis poy ksekinises esy
> > b) Apothikeveis to markid
> > c) Elegxeis ola ta paketa me ayto to markid
> >
> > To sygkekrimeno patch to exo dokimasei gia alo skopo kai doylevei mia
> > xara.
>
>   Δε χρειάζεται όμως patch, αυτό που ρωτάει γίνεται όμορφα κι ωραία με
> το "state" module που έχει από τη μάνα του το iptables (hint:
> ESTABLISHED), οπότε γιατί να παιδεύεσαι;

An enoei to na epitrepei na ksekinane syndeseis mono apo ayton tote nai.

An enoei to na pernei me kapoio tropo (p.x. ulog) mono ta paketa ton syndeseon 
poy ksekinisane apo to mixanima toy tote to ESTABLISHED den kanei. (ayto 
katalaba)

<<V13>>