iptables problem
Lord of Gore
lordofgore at logsoftgrup.ro
Thu Jan 18 09:47:01 UTC 2007
tamer amr wrote:
> Thanks for the reply,
> but I still can't understand the difference
>
> first I made
>
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> 2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
> here I can ssh the host
>
> then I removed the second rule to be
>
> 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>
> here I could not ssh this host
>
>
> I can't understand the logic. Can you explain to me why in the first state
> I can't ssh and in the second I can't
>
>
>
> "Gaddis, Jeremy L." <jeremy at linuxwiz.net> wrote: On 1/18/07, tamer amr wrote:
>
>> Hi, I have a strange problem:
>> why can any host ssh me in the first list but can't in the second list
>>
>> Please, I want to understand this case
>>
>
> Seeing as how the only difference between the two is a single rule, I
> would hope it's obvious where you should be looking.
>
>
>> 2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
>>
>
> In the first list, you're explicitly allowing "NEW" connections to the
> "ssh" port in. In the second list, you're simply allowing traffic for
> any already "ESTABLISHED" connections.
>
> Please tell me this makes sense to you.
>
>
You might understand if you'd try to learn what related, established,
new, state, tcp, dpt and ssh mean. After you do this, the second
rule will become a humanly readable sentence.
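
The following is an added example, not part of any message in this thread: a small Python model of first-match rule evaluation with connection-tracking states, run against the two rule lists quoted above. It assumes the chain ends in DROP (the thread does not show the policy), and the names `Rule`, `verdict` and `connect` are hypothetical.

```python
# Simplified model of first-match filtering with connection tracking.
# Assumption: unmatched packets are dropped (policy or final rule); the
# thread does not show that part of the ruleset.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str
    proto: str                   # "all" or "tcp"
    states: frozenset            # conntrack states the rule matches
    dport: Optional[int] = None  # None = any destination port

    def matches(self, proto, state, dport):
        return (self.proto in ("all", proto)
                and state in self.states
                and self.dport in (None, dport))

EST = Rule("ACCEPT", "all", frozenset({"RELATED", "ESTABLISHED"}))
NEW_SSH = Rule("ACCEPT", "tcp", frozenset({"NEW"}), 22)

FIRST_LIST = [EST, NEW_SSH]   # rules 1 and 2 from the thread
SECOND_LIST = [EST]           # rule 1 only

def verdict(rules, proto, state, dport, default="DROP"):
    """Return the target of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(proto, state, dport):
            return rule.target
    return default

def connect(rules, dport, packets=4):
    """Verdicts for `packets` client packets of one TCP connection.

    The opening SYN is NEW. Later packets are ESTABLISHED only if the
    SYN was accepted; a dropped SYN is retransmitted and is NEW again.
    """
    tracked, verdicts = False, []
    for _ in range(packets):
        state = "ESTABLISHED" if tracked else "NEW"
        result = verdict(rules, "tcp", state, dport)
        verdicts.append((state, result))
        tracked = tracked or result == "ACCEPT"
    return verdicts

if __name__ == "__main__":
    for name, rules in (("first", FIRST_LIST), ("second", SECOND_LIST)):
        print(name, connect(rules, 22))
```

With the second list every packet of the attempt stays in state NEW and falls through to the default, so the connection never reaches the state that rule 1 accepts.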