iptables

John O'Loughlin j.oloughlin at qmul.ac.uk
Fri Sep 15 15:16:31 UTC 2006


>
> ESTABLISHED,RELATED allows packets which are part of an established TCP 
> connection i.e. the 3-way SYN-SYN/ACK-ACK has completed with no subsequent 
> RST.  It also allows UDP packets from a source IP/port which was a 
> destination within the past 30s.

The ESTABLISHED state doesn't just apply to packets in an established TCP 
connection though; it also allows packets which are part of the initial 
connection exchange, the SYN-ACK packet, otherwise you would also need 
rules to allow out these packets.

John

>
> -- 
> Nigel Wade, System Administrator, Space Plasma Physics Group,
>            University of Leicester, Leicester, LE1 7RH, UK
> E-mail :    nmw at ion.le.ac.uk
> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
>
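A toy model of the state classification discussed in this thread, added as an illustration; it is not code from either poster or from netfilter. The addresses, the `Conntrack` class and the flat 30-second UDP timeout are assumptions made for the example.

```python
# Toy model of the iptables `state` match (assumption-laden, not kernel code).
UDP_TIMEOUT = 30  # seconds; the UDP figure quoted in the thread

class Conntrack:
    def __init__(self):
        self.table = {}  # (proto, {endpoint, endpoint}) -> tracking entry

    def classify(self, proto, src, dst, flags="", now=0):
        """Label one packet NEW, ESTABLISHED or INVALID and update the table."""
        key = (proto, frozenset((src, dst)))
        entry = self.table.get(key)
        if entry is not None and now > entry["expires"]:
            del self.table[key]          # entry timed out, forget the flow
            entry = None
        if entry is None:
            if proto == "tcp" and flags != "S":
                return "INVALID"         # model: only a bare SYN opens a TCP flow
            entry = {"orig_src": src, "replied": False}
            self.table[key] = entry
        elif src != entry["orig_src"]:
            entry["replied"] = True      # first packet seen in the reply direction
        # Model: TCP entries never expire; UDP entries are refreshed per packet.
        entry["expires"] = now + UDP_TIMEOUT if proto == "udp" else float("inf")
        return "ESTABLISHED" if entry["replied"] else "NEW"

def accepted_by_established_rule(state):
    """Mimic a rule matching `--state ESTABLISHED,RELATED` (RELATED not modelled)."""
    return state in ("ESTABLISHED", "RELATED")

def demo():
    """Constructed traffic: one outbound TCP handshake and two UDP queries."""
    ct = Conntrack()
    host, web = ("10.0.0.5", 40000), ("192.0.2.10", 80)
    dns, dns2 = ("192.0.2.53", 53), ("192.0.2.54", 53)
    return {
        "syn_out": ct.classify("tcp", host, web, "S"),
        "synack_in": ct.classify("tcp", web, host, "SA"),
        "ack_out": ct.classify("tcp", host, web, "A"),
        "stray_ack_in": ct.classify("tcp", dns, host, "A"),
        "udp_query_out": ct.classify("udp", host, dns, now=0),
        "udp_reply_in_10s": ct.classify("udp", dns, host, now=10),
        "udp_query2_out": ct.classify("udp", host, dns2, now=0),
        "udp_late_reply_in_45s": ct.classify("udp", dns2, host, now=45),
    }

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:22} {state:12} accepted={accepted_by_established_rule(state)}")
```

The inbound SYN-ACK is already labelled ESTABLISHED, while the UDP reply arriving after the entry has expired is labelled NEW and so is not matched by the ESTABLISHED,RELATED rule.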



