[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: iptables problem



thank you
 
  i get it but what the useful in the first rule
1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
 
 as long as connect via ssh i must make connection not a established  connection 
 
 so i understand that rule 
 1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
 
 it is not useful isn't it ?
 
 
"Gaddis, Jeremy L." <jeremy linuxwiz net> wrote: On 1/18/07, tamer amr  wrote:
> thank for replay
>  but  i still cant understand the difference
>
> 1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
> 2    ACCEPT     tcp  --  anywhere        anywhere    state NEW tcp dpt:ssh
>  here i can ssh the host

Of course you can.  Your second rule is telling iptables to allow
"NEW" ssh connections.  The first rule will not match on *NEW*
connections and is not involved in the "setting up" of new
connections.

>  then i removed the seconed rule to be
> 1    ACCEPT     all  --  anywhere        anywhere    state RELATED,ESTABLISHED
> here i cound not ssh this host

Right, because you removed the rule that was permitting the
connections in the first place.  Flush your ruleset, run "iptables
-vnL", and look at the counters.  Connect in via SSH, then run
"iptables -vnL" again and look at the counters.  You'll see that the
second rule is what's matching your *NEW* connection to 22/TCP.

-- 
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


 
---------------------------------
Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]