On Monday 17 December 2001 00.05, Bart De Schuymer wrote:

> > When you accept ESTABLISHED, you SHOULD also accept RELATED. If not some
> > things will break.
>
> Are you talking about oopses or something?
> Why would this rule 'break' anything:
> iptables -A FORWARD -d 172.16.1.2 -p tcp -m state --state ESTABLISHED -j ACCEPT

RELATED matches not only related helper connections such as the data channels of FTP, but also related ICMP traffic such as "Must Fragment" as used by Path MTU discovery.

Because of this, wherever you accept ESTABLISHED you SHOULD also accept RELATED, unless you have a very specific reason not to.

Regards
Henrik Nordström
MARA Systems AB, Sweden

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
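
An added example, not part of the original message and not netfilter's code: a toy Python model of the state classification described above, showing that an ICMP "fragmentation needed" error quoting a tracked TCP flow is classified RELATED and is dropped by a policy that accepts only ESTABLISHED. All addresses except 172.16.1.2, the class and function names, and the simplification that a flow counts as ESTABLISHED from its second packet are assumptions.

```python
# Toy model of connection-state matching (constructed; not netfilter's implementation).
from dataclasses import dataclass
from typing import Optional, Tuple

Tuple4 = Tuple[str, int, str, int]  # (src, sport, dst, dport)

def reverse(t: Tuple4) -> Tuple4:
    return (t[2], t[3], t[0], t[1])

@dataclass
class Packet:
    proto: str                              # "tcp" or "icmp"
    tuple4: Optional[Tuple4] = None         # TCP: the packet's own addresses and ports
    icmp: Optional[Tuple[int, int]] = None  # ICMP (type, code)
    embedded: Optional[Tuple4] = None       # ICMP error: header of the packet it quotes

class Tracker:
    def __init__(self):
        self.flows = set()

    def _known(self, t: Tuple4) -> bool:
        return t in self.flows or reverse(t) in self.flows

    def state(self, pkt: Packet) -> str:
        if pkt.proto == "tcp":
            if self._known(pkt.tuple4):
                return "ESTABLISHED"
            self.flows.add(pkt.tuple4)      # simplification: tracked on first sight
            return "NEW"
        # An ICMP error is RELATED when the header it quotes belongs to a tracked flow.
        if pkt.proto == "icmp" and pkt.embedded and self._known(pkt.embedded):
            return "RELATED"
        return "INVALID"

CLIENT_TO_SERVER = ("10.0.0.5", 40000, "172.16.1.2", 80)  # constructed sample flow
SAMPLE = [
    Packet("tcp", CLIENT_TO_SERVER),                       # first packet
    Packet("tcp", reverse(CLIENT_TO_SERVER)),              # reply
    Packet("tcp", CLIENT_TO_SERVER),                       # more data
    # "Must Fragment" (type 3, code 4) quoting a segment sent by 172.16.1.2
    Packet("icmp", icmp=(3, 4), embedded=reverse(CLIENT_TO_SERVER)),
    # Same ICMP type, but quoting a flow that was never tracked
    Packet("icmp", icmp=(3, 4), embedded=("198.51.100.9", 1234, "172.16.1.2", 22)),
]

def run(accepted_states):
    """Return (state, verdict) per sample packet; NEW is assumed accepted by another rule."""
    tracker, allowed = Tracker(), set(accepted_states) | {"NEW"}
    return [(s, "ACCEPT" if s in allowed else "DROP")
            for s in (tracker.state(p) for p in SAMPLE)]

if __name__ == "__main__":
    for policy in ({"ESTABLISHED"}, {"ESTABLISHED", "RELATED"}):
        print(sorted(policy), run(policy))
```

With only ESTABLISHED accepted, the fourth packet is dropped, so the sender never learns the path MTU; the unrelated ICMP error is dropped under both policies.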
