Re: NAT and packets from localhost

From: Rindolf (
Date: Fri Jan 24 2003 - 11:57:40 EST

On 2003.01.24 05:48 Roland Kuhn wrote:
> Hi!
> (your linewrap did make reading this a bit of a challenge ;-) )

Sorry about that, should have taken it into account

> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> This single line magically allows mostly all applications to access
> the internet
> from the firewall while shutting out all connection attempts from the
> outside.
> ESTABLISHED matches all packets directly belonging to an established
> connection
> while RELATED takes care of e.g. ICMP error messages (like destination
> unreachable et al).

Thanks! That fixed it.

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to
More majordomo info at

This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:01 EST