Re: firewall question
- To: IGLU Mailing list <linux-il(at-nospam)iglu.org.il>
- Subject: Re: firewall question
- From: Ira Abramov <lists-linux-il(at-nospam)ira.scso.com>
- Date: Tue, 11 Sep 2001 11:51:24 +0300 (IDT)
- Delivered-To: iglu.org.il-linux-il@iglu.org.il
- In-Reply-To: <20010911113938.A16650@leeor.math.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Tue, 11 Sep 2001, Nadav Har'El wrote:
> In iptables (the newer 2.4 firewall mechanism) this is not so: the same
> rule with the necessary syntax changes,
> -A OUTPUT -p TCP --dport whois --sport 1024: -j ACCEPT
> -A INPUT -p TCP ! --syn --sport whois --dport 1024: -j ACCEPT
> will not be applied to forwarded packets at all.
then what's the point in stateful inspection? :-))))
I'm sure you meant well, but the above example would have flunked you in
iptables 101.
--
The man with the golden bun
Ira Abramov
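
The chain selection described in the quoted text, modelled as an added example (not part of the original message, and not code from either poster). The addresses, the DROP default policy, the address-based stand-in for the routing decision, and the `MIRRORED` rule set are assumptions made for illustration.

```python
from dataclasses import dataclass

FIREWALL = "192.0.2.1"     # constructed: address of the firewall host itself
CLIENT = "10.0.0.5"        # constructed: LAN host behind the firewall
SERVER = "198.51.100.7"    # constructed: remote whois server
WHOIS = 43                 # the "whois" entry in /etc/services

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False      # True for a connection-opening segment (what --syn matches)

def chain_for(pkt):
    """Filter-table chain a packet traverses under netfilter (simplified:
    the routing decision is reduced to comparing addresses with FIREWALL)."""
    if pkt.dst == FIREWALL:
        return "INPUT"     # delivered to a local process
    if pkt.src == FIREWALL:
        return "OUTPUT"    # generated by a local process
    return "FORWARD"       # routed through the box

def query(p):   # --dport whois --sport 1024:
    return p.dport == WHOIS and p.sport >= 1024

def reply(p):   # ! --syn --sport whois --dport 1024:
    return not p.syn and p.sport == WHOIS and p.dport >= 1024

QUOTED = [("OUTPUT", query), ("INPUT", reply)]                # the two rules as posted
MIRRORED = QUOTED + [("FORWARD", query), ("FORWARD", reply)]  # same matches on FORWARD

def verdict(pkt, rules, policy="DROP"):
    """Return (chain, target); only rules in the packet's own chain are consulted."""
    chain = chain_for(pkt)
    for rule_chain, match in rules:
        if rule_chain == chain and match(pkt):
            return chain, "ACCEPT"
    return chain, policy   # assumed default policy

if __name__ == "__main__":
    samples = {
        "local query": Packet(FIREWALL, SERVER, 40000, WHOIS, syn=True),
        "local reply": Packet(SERVER, FIREWALL, WHOIS, 40000),
        "forwarded query": Packet(CLIENT, SERVER, 40000, WHOIS, syn=True),
        "forwarded reply": Packet(SERVER, CLIENT, WHOIS, 40000),
    }
    for name, pkt in samples.items():
        print(f"{name:16} quoted={verdict(pkt, QUOTED)} mirrored={verdict(pkt, MIRRORED)}")
```
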