On Sat, Sep 20, 2003 at 06:05:01PM -0400, Matt Zimmerman wrote: > Subject: [SECURITY] [DSA-389-1] New ipmasq packages fix insecure > packet filtering rules
| #$IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $IPOFIF/$NMOFIF -j ACCEPT
| $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
This broke the port forwarding rules I have. I don't know what I'm
doing, but now the forwarding rules I have in <rules/F10portfw.rul>
don't help me (and if I reverse the comment above, things work again).
| $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $EXTIP --dport 515 \
| -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
| $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 515 \
| -j DNAT --to $PRINTERIP:515
What should I do get port forwarding working with this security fix
intact? Perhaps you only need to add "NEW" to the above state line?
Please give me CCs, because I am not subscribed.
--
Tom Goulet mail: [EMAIL PROTECTED]
UID0 Unix Consulting web: em.ca/uid0/
pgp688ySHzF7X.pgp
Description: PGP signature
