3 Dec
2003
3 Dec
'03
07:49
hi !
Stefan Andreas Tichy
On Mon, Dec 01, 2003 at 05:15:21PM +0100, Peer Stefan wrote:
Shouldn't that read iptables -A INPUT -i eth0 -p 47 -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT iptables -A OUTPUT -o eth1 -p 47 -j ACCEPT
No, just use the FORWARD chain. For ascii art fans: packet-filtering-HOWTO-6.html
And what about replies?
Good question.
I'd suggest using -m state --state ESTABLISHED,RELATED ... wouldn't that work ?
-- Stefan Tichy
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here