Tim Haynes wrote:
> Yup, that's the bunny. New incoming connections are characterised exactly by
> having the SYN flag set, continuations of already-established connections
> don't have it, so something like
>     ipchains -I input -p tcp ! -y -j ACCEPT
> should do the trick. You might feel happier expressly putting
>     -s 0.0.0.0/0.0.0.0
>     -d 0.0.0.0/0.0.0.0
> in there as well to get the 'any's across.
This *is* the nearest equivalent, but is massively less functional than the equivalent using, for example, ipfilter - ipchains does not keep track of established connections and so cannot actually check that the packet is part of an established connection, just that it's not the start of a new one. Which is a massive difference.

Nick
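The gap Nick is pointing at, shown as an added example (this is not code from either poster, and it models only the matching rules, not ipchains or ipfilter themselves): a stateless check equivalent to `ipchains -I input -p tcp ! -y -j ACCEPT` beside a minimal connection tracker, both run over the same constructed packets. The addresses, ports, the `Packet` type and the `ConnTrack` class are all assumptions made for the example. The `-y` semantics follow the ipchains man page (SYN set, ACK and FIN clear).

```python
# Added example: stateless `! -y` filtering versus a minimal connection tracker.
# Not code from the thread; addresses, ports and the ConnTrack class are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP segment as the firewall sees it (constructed for the example)."""
    direction: str      # "in" (towards the protected host) or "out"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


def matches_syn_flag(p: Packet) -> bool:
    """ipchains `-y`: SYN set with ACK and FIN clear, i.e. the opening packet of a handshake."""
    return p.syn and not p.ack and not p.fin


def stateless_verdict(p: Packet) -> bool:
    """`ipchains -I input -p tcp ! -y -j ACCEPT`: on the input chain, accept anything
    that is not a bare SYN. No memory of connections is involved."""
    if p.direction == "out":
        return True                 # the rule is on the input chain only
    return not matches_syn_flag(p)


class ConnTrack:
    """Minimal stateful filter (assumed model, loosely what ipfilter does): remember
    connections the protected host opened, admit inbound packets only for those."""

    def __init__(self) -> None:
        # (host_ip, host_port, peer_ip, peer_port) -> "SYN_SENT" | "ESTABLISHED"
        self.table: dict = {}

    @staticmethod
    def key(p: Packet):
        # normalise so both directions of one flow map to the same key
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def verdict(self, p: Packet) -> bool:
        k = self.key(p)
        state = self.table.get(k)
        if p.direction == "out":
            if matches_syn_flag(p) and state is None:
                self.table[k] = "SYN_SENT"      # host is opening a new connection
            elif p.rst and state is not None:
                del self.table[k]
            return True                         # outbound traffic is allowed
        if state is None:
            return False                        # inbound packet for no known flow
        if state == "SYN_SENT" and p.syn and p.ack:
            self.table[k] = "ESTABLISHED"       # peer's SYN/ACK completes our handshake
            return True
        if p.rst:
            del self.table[k]
            return True
        return state == "ESTABLISHED"


def compare(packets):
    """Return (stateless_accepts, stateful_accepts) for each packet, in order."""
    ct = ConnTrack()
    return [(stateless_verdict(p), ct.verdict(p)) for p in packets]


HOST, PEER, SCANNER = "10.0.0.5", "192.0.2.10", "198.51.100.7"   # constructed addresses

TRAFFIC = [
    # 1-3: the host fetches a web page, a normal three-way handshake
    Packet("out", HOST, 40000, PEER, 80, syn=True),
    Packet("in", PEER, 80, HOST, 40000, syn=True, ack=True),
    Packet("out", HOST, 40000, PEER, 80, ack=True),
    # 4: data from the server on that connection
    Packet("in", PEER, 80, HOST, 40000, ack=True),
    # 5: unsolicited bare SYN to the host's ssh port: both drop it
    Packet("in", SCANNER, 1234, HOST, 22, syn=True),
    # 6: unsolicited ACK-only probe to ssh: `! -y` lets it in, the tracker does not
    Packet("in", SCANNER, 1234, HOST, 22, ack=True),
    # 7: SYN+FIN with no ACK: `-y` requires FIN clear, so `! -y` lets this in too
    Packet("in", SCANNER, 1235, HOST, 22, syn=True, fin=True),
]

if __name__ == "__main__":
    for n, (p, (sl, sf)) in enumerate(zip(TRAFFIC, compare(TRAFFIC)), 1):
        flags = "".join(f for f, on in (("S", p.syn), ("A", p.ack), ("F", p.fin), ("R", p.rst)) if on)
        print(f"{n}: {p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} [{flags:3}] "
              f"stateless={'ACCEPT' if sl else 'DROP  '} stateful={'ACCEPT' if sf else 'DROP'}")
```

Packets 6 and 7 are the ones that matter: the `! -y` rule has no way to tell an ACK belonging to a connection the host opened from an ACK arriving out of nowhere, so both reach the host, and anything listening on port 22 gets to decide what to do with them; the tracker drops them because no flow matches. The tracker here is deliberately minimal (no timeouts, no handling of the host accepting inbound connections), which is enough to show why "not the start of a new connection" and "part of an established connection" are different predicates.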

