*>> iptables -A INPUT -m conntrack --ctstate INVALID -j DROP * Should be fine if you want to drop any INVALID packers both tcp, udp
Kind Regards, David 2013/4/4 Daniel Curtis <[email protected]> > Hi > > I would only ask about iptables (1.4.14-3.1) rule, which is responsible > for filtering INVALID packets. If I decide to use this rule; > > >> iptables -A INPUT -m conntrack --ctstate INVALID -j DROP > > That's an example. By using this rule, iptables will also check tcp and > udp protocols or should I use something like; > > >> iptables -A INPUT -p tcp (...) > >> iptables -A INPUT -p udp (...) > > Which solution/rule is correct and it is better to implement? > > Best regards. >
