On Tue, Feb 20, 2001 at 05:30:19PM +0000, John P . Looney wrote:
> It's a big enough difference, but not massive. For a start, you get
> stateful rules; so you can do stuff like
>
>   iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> to accept all inbound (assuming eth0 is the external interface) traffic,
> that's due to an existing outbound connection. Well good.
Yeah, and insmod ip_nat_ftp and ip_conntrack_ftp and netfilter will check
outgoing ftp control connections for the PORT command and allow incoming
data connections by using the RELATED state. No more passive ftp, super
sweet.
--
Martin
--
Bother! said Pooh, as he was captured by Nazi Smurf commandos.
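
The RELATED mechanism discussed in this thread, as an added example that is not part of the original e-mails and is not netfilter's code: a small Python model of a tracker whose FTP helper reads a PORT command on the control connection and registers a one-time expectation, so the server's data connection matches RELATED. The class and function names are hypothetical, NAT rewriting (ip_nat_ftp) is not modelled, and ignoring a PORT that names an address other than the client's is a choice of this model.

```python
import re

# Toy model of stateful tracking plus an FTP helper; not netfilter's code.
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")

class Tracker:
    def __init__(self):
        self.conns = set()     # known flows, stored direction-independent
        self.expected = set()  # (src_ip, dst_ip, dst_port) announced via PORT

    @staticmethod
    def _key(src, sport, dst, dport):
        return frozenset([(src, sport), (dst, dport)])

    def accept_new(self, src, sport, dst, dport):
        """Record a connection the ruleset allowed, e.g. outbound to port 21."""
        self.conns.add(self._key(src, sport, dst, dport))

    def classify(self, src, sport, dst, dport):
        """Return the state a packet would match: ESTABLISHED, RELATED or NEW."""
        key = self._key(src, sport, dst, dport)
        if key in self.conns:
            return "ESTABLISHED"
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))  # an expectation is single use
            self.conns.add(key)
            return "RELATED"
        return "NEW"

    def ftp_helper(self, client, server, line):
        """Inspect one control-channel line from client; return the expected port."""
        m = PORT_RE.match(line.strip())
        if not m:
            return None
        nums = [int(n) for n in m.groups()]
        if max(nums) > 255:
            return None
        ip = ".".join(str(n) for n in nums[:4])
        if ip != client:       # model choice: ignore PORT naming another host
            return None
        port = nums[4] * 256 + nums[5]
        self.expected.add((server, client, port))
        return port

def forward_inbound(tracker, src, sport, dst, dport):
    """Mirror of the quoted rule: ACCEPT only ESTABLISHED or RELATED."""
    return tracker.classify(src, sport, dst, dport) in ("ESTABLISHED", "RELATED")
```

The expectation is consumed by the first matching packet, so a second unrelated connection to the same port is classified NEW again.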