Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] Re: IPTables and GRE Packets
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Wed, 3 Dec 2003 08:49:11 +0100
  • Message-id: <OFC3ED6B47.B79669C5-ONC1256DF1.002AC78E-C1256DF1.002A0119@xxxxxxxxxxx>




hi !

Stefan Andreas Tichy <listuser@xxxxxxxxx> schrieb am 02.12.2003 17:49:16:

> On Mon, Dec 01, 2003 at 05:15:21PM +0100, Peer Stefan wrote:
> > Shouldn't that read
> > iptables -A INPUT -i eth0 -p 47 -j ACCEPT
> > iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT
> > iptables -A OUTPUT -o eth1 -p 47 -j ACCEPT
>
> No, just use the FORWARD chain.
> For ascii art fans: packet-filtering-HOWTO-6.html
>
>
> > And what about replies?
>
> Good question.

I'd suggest using -m state --state ESTABLISHED,RELATED ... wouldn't that work ?

>
>
> --
> Stefan Tichy <listuser@xxxxxxxxx>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


< Previous Next >