On Fri, Jul 1, 2016 at 2:16 AM, Ned Slider <n...@unixmail.co.uk> wrote:
>
> Try running:
>
> iptables -nv -L

Yes!
Much sunlight awakening crusty synapses here. :-)

>
> The first thing I would do is move your ESTABLISHED,RELATED rule to the top
> of the chain. Once you've accepted the first packet you may as well accept
> the rest of the stream as quickly and efficiently as possible as you've
> established the connection is not malicious.

Yes - this is by far the rule with the most packets and bytes.
The rule goes to the top.

>
> What is the default policy for the FORWARD table?

Probably a little paranoid, but all my filter policies are "DROP".


> For example, if you trust all traffic coming from inside your
> network that is destined for the outside and want to pass that traffic
> without testing for all those tcp flags (and any other rules), you could do
> something like:
>
> -A FORWARD -p all -i LAN-NIC -o INET-NIC -j ACCEPT

I'm definitely going to test a few different configurations.
Your input is really appreciated; great nudge!

Best regards,

Mike
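An added example, not code from the thread, that puts Ned's advice into an iptables-restore ruleset: default DROP policies, the ESTABLISHED,RELATED accept as the first rule of every chain, the trusted LAN to Internet fast path ahead of the TCP-flag tests, plus a small lint that checks which rule a chain starts with. LAN-NIC and INET-NIC are the thread's placeholder interface names; the SSH rule is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread: a filter ruleset in iptables-restore
# format applying the ordering advice above, plus a lint for a chain's first rule.
# LAN-NIC and INET-NIC are the placeholder interface names from the thread.

ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# 1. Fast path first: packets of already-accepted streams leave the chain here.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 2. Drop what conntrack cannot classify before any slower matching.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# 3. Trusted LAN -> Internet traffic, accepted before the flag tests.
-A FORWARD -p all -i LAN-NIC -o INET-NIC -j ACCEPT
# 4. Only NEW inbound TCP from the Internet reaches the flag tests.
-A FORWARD -i INET-NIC -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A FORWARD -i INET-NIC -p tcp --tcp-flags ALL NONE -j DROP
-A FORWARD -i INET-NIC -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -i lo -j ACCEPT
# Assumed: admin SSH from the LAN only (placeholder rule).
-A INPUT -i LAN-NIC -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# first_rule_is_established CHAIN: succeeds when the first -A rule for CHAIN in
# the ruleset read from stdin is the ESTABLISHED,RELATED accept.
first_rule_is_established() {
  first=$(grep "^-A $1 " | head -n 1)
  case "$first" in
    *"--ctstate ESTABLISHED,RELATED -j ACCEPT") return 0 ;;
    *) return 1 ;;
  esac
}
```

`ruleset | iptables-restore --test` parses the rules without loading them, and `ruleset | first_rule_is_established FORWARD` checks the fast path is really at the top.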
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos