> If I'm correct then iptables is stateful connection capable, this means I
> should not use rules like:
> If state of connection is ESTABLISHED ...
> If state of connection is RELATED ...

Stateful connection means that you can have a simple rule up front to allow for established and related connections. It simplifies the rules and is supposed to bypass a lot of the rule checking for allowed traffic. After the established/related rules allowance you follow with the detailed packets that you want to allow for new connections; after establishment the connections will be handled by the established/related rule.

FWIW I recommend using an iptables management package like shorewall. Greatly simplifies your rules development and maintenance.

Dave
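
The rule ordering described in the reply above, as an added example that is not part of the original message: a ruleset in `iptables-restore` format with the established/related rule first, plus a check that it really precedes the per-service rules. The ports (22, 443), the default-drop policy and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Ports 22/443, the DROP policy
# and all function names are illustrative assumptions.

# Print the ruleset in iptables-restore format.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# One rule up front: packets of already-tracked connections stop here.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Local traffic on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Detailed rules: consulted only for the first packet of a new connection.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# 1-based position, among the INPUT rules, of the first rule matching $1.
rule_position() {
    build_ruleset | grep -e '^-A INPUT' | grep -n -e "$1" | head -n 1 | cut -d: -f1
}

# Succeeds only if the established/related rule precedes every NEW rule.
state_rule_first() {
    est=$(rule_position 'ESTABLISHED,RELATED')
    new=$(rule_position 'ctstate NEW')
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ]
}

# Nothing touches the live firewall unless --apply is given (needs root).
if [ "${1:-}" = "--apply" ]; then
    state_rule_first || { echo "state rule is not ahead of NEW rules" >&2; exit 1; }
    # --test parses the ruleset without committing it; load only if that passes.
    build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
else
    build_ruleset
fi
```

Run without arguments to print the ruleset for review; `--apply` validates it with `iptables-restore --test` before loading.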

