-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 martin f krafft said: > also sprach Phil Dyer <[EMAIL PROTECTED]> [2005.03.15.1512 +0100]: >> for INPUT, lose the conntrack. >> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > why? >
Actually, good question. I thought that conntrack was for forwarding/natting only, but looking at the man page, it's not. It should be a superset of the -m state module. I do know that using the state module works for my setup. Have you tried it like above? Does it work? - -- /phil -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Public Key: http://www.dyermaker.org/gpgkey iD8DBQFCNxP6Gbd/rBLcaFwRAtE+AKDdmxGmbJ11jI8PVkuhX3hQQo+uKQCgxBvl VJEdhF8Q3hSMwMbB9IGVKUA= =MbOv -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
