Re: NAT and packets from localhost

From: Rindolf (rindolf@snappydsl.net)
Date: Fri Jan 24 2003 - 11:57:40 EST


On 2003.01.24 05:48 Roland Kuhn wrote:
> Hi!
>
> (your linewrap did make reading this a bit of a challenge ;-) )

Sorry about that, should have taken it into account

>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This single line magically allows mostly all applications to access
> the internet
> from the firewall while shutting out all connection attempts from the
> outside.
> ESTABLISHED matches all packets directly belonging to an established
> connection
> while RELATED takes care of e.g. ICMP error messages (like destination
>
> unreachable et al).
>

Thanks! That fixed it.

  -Rindolf
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:01 EST