RE: could someone translate these rules into plain english

I often do it just to be thorough...  I'm only human after all.


Bob

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Technical
Sent: Thursday, January 22, 2004 4:48 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: could someone translate these rules into plain english


> Technical wrote:
>> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> For this chain (presumably packets inbound to the network), accept any
> packets that are part of established TCP connections (ie: a SYN packet
> for the connection has gone out from the network), or related to UDP
> packets that have gone out through the firewall.
>
>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Otherwise, reject the packet by sending back an ICMP message telling the
> remote host that communication with its intended target is
> administratively prohibited.
>
>
> HTH
> Alex Satrapa
>
>


If the default is for iptables to reject all packets that cannot be
dealt with by any of the previous rules, why would someone use the last
rule? Am I missing something?
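
The two rules quoted above can be walked through as a first-match evaluation. The Python sketch below is an added example, not part of the original thread: `parse_rule`, `verdict` and the sample conntrack states are constructed for illustration, and it assumes the built-in chain has no further rules after the jump into `RH-Firewall-1-INPUT`.

```python
import shlex

# The two rules quoted in the thread, in iptables-save syntax.
RULES = [
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
]

# Options understood by this sketch, mapped to the field they fill in.
OPTIONS = {"-A": "chain", "-m": "module", "--state": "states",
           "-j": "target", "--reject-with": "reject_with"}


def parse_rule(line):
    """Parse the small subset of iptables-save syntax used in RULES."""
    rule = dict.fromkeys(OPTIONS.values())
    tokens = shlex.split(line)
    if len(tokens) % 2:
        raise ValueError("expected option/value pairs: " + line)
    for opt, value in zip(tokens[::2], tokens[1::2]):
        if opt not in OPTIONS:
            raise ValueError("unsupported option: " + opt)
        rule[OPTIONS[opt]] = value
    if rule["states"] is not None:
        rule["states"] = set(rule["states"].split(","))
    return rule


def verdict(rule_lines, conntrack_state, builtin_policy="ACCEPT"):
    """Return (verdict, detail) for a packet in the given conntrack state.

    The first matching rule decides. A user-defined chain has no policy, so a
    packet that matches nothing returns to the built-in chain; this sketch
    assumes no further rules there, so that chain's policy (ACCEPT or DROP,
    never REJECT) applies.
    """
    for rule in map(parse_rule, rule_lines):
        if rule["states"] is None or conntrack_state in rule["states"]:
            return (rule["target"], rule["reject_with"])
    return (builtin_policy, "chain policy")


if __name__ == "__main__":
    # Constructed packets: one per conntrack state of interest.
    for state in ("ESTABLISHED", "RELATED", "NEW"):
        print(state, "| both rules:", verdict(RULES, state),
              "| first rule only, policy DROP:", verdict(RULES[:1], state, "DROP"))
```

With both rules loaded, a packet in state NEW is answered with an ICMP host-prohibited error; with only the first rule, the same packet falls through to the built-in chain's policy, which either accepts it or drops it silently.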


