LinuxQuestions.org

Thread: iptables connection tracking (https://www.linuxquestions.org/questions/linux-newbie-8/iptables-connection-tracking-4175583398/)

krishnar 06-29-2016 10:24 PM

iptables connection tracking
Hi Experts,

I am looking for some detailed explanation about iptables connection tracking.

krish@raspberrypi:~ $ sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED -s 192.168.1.69 -p tcp -j ACCEPT

I understand that this command will track the connection state and permit return traffic in the INPUT chain.

Can anyone please give a detailed explanation about this. What does the state RELATED do?

Krish

TB0ne 06-30-2016 07:16 AM

Quote:

Originally Posted by krishnar (Post 5568199)
Hi Experts,
I am looking for some detailed explanation about iptables connection tracking.

krish@raspberrypi:~ $ sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED -s 192.168.1.69 -p tcp -j ACCEPT

I understand that this command will track the connection state and permit return traffic in the INPUT chain. Can anyone please give a detailed explanation about this. What does the state RELATED do?

Any of the thousands of pages of easily-found documentation can give you a detailed explanation...did you try to look any of them up? And you only MENTION related, but don't actually use it in what you posted.
https://help.ubuntu.com/community/IptablesHowTo
http://www.iptables.info/en/connection-state.html
Code:

--ctstate - Define the list of states for the rule to match on. Valid states are:
NEW - The connection has not yet been seen.
RELATED - The connection is new, but is related to another connection already permitted.
ESTABLISHED - The connection is already established.
INVALID - The traffic couldn't be identified for some reason.

lazydog 06-30-2016 09:45 AM

A good example of a RELATED connection would be FTP. FTP connects on port 21 but transfers data over port 20. Thus in this case port 20 would be allowed provided it is configured properly.

You can look at what is being tracked using conntrack. You might have to install it first.

AwesomeMachine 06-30-2016 01:28 PM

Usually you would use the states ESTABLISHED,RELATED on the input, and NEW,ESTABLISHED,RELATED on the output.
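
To make the state names concrete, here is a small Python model of how netfilter's connection tracking decides NEW, ESTABLISHED, RELATED and INVALID for a packet, and what the original poster's single ESTABLISHED rule versus the usual ESTABLISHED,RELATED rule does with each case, including lazydog's FTP example. This is an added illustration written for this thread, not code from the thread or from the netfilter project, and it is a simplification: the Pi's address 192.168.1.10, the port numbers, the FTP data port 50000 and the ordering of the packets are all constructed, and the INVALID case assumes nf_conntrack_tcp_loose=0 (with the kernel default of 1, a stray ACK would instead be picked up as NEW).

```python
# Toy model of netfilter connection tracking for the rules in this thread.
# Added example, not from the thread or the netfilter project; the host IP
# 192.168.1.10, the ports and the FTP data port 50000 are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN (connection-opening packet)


class Entry:
    """One conntrack table entry, reachable from both directions."""
    def __init__(self, original, expected):
        self.original = original   # 5-tuple of the first packet seen
        self.seen_reply = False    # set once a packet flows back
        self.expected = expected   # created from a helper expectation


class Conntrack:
    """Just enough of the kernel's conntrack logic to show how
    --ctstate NEW / ESTABLISHED / RELATED / INVALID are decided."""

    def __init__(self):
        self.table = {}            # 5-tuple (either direction) -> Entry
        self.expectations = set()  # (proto, src, dst, dport) set up by a helper

    @staticmethod
    def key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def expect(self, proto, src, dst, dport):
        """What the FTP helper does after seeing PORT/PASV: pre-authorise a
        data connection whose source port is not yet known."""
        self.expectations.add((proto, src, dst, dport))

    def classify(self, p):
        """Return the ctstate the packet would match, updating the table."""
        k = self.key(p)
        e = self.table.get(k)
        if e is not None:
            if e.seen_reply:
                return "ESTABLISHED"
            if k == e.original:        # only original-direction traffic so far
                return "RELATED" if e.expected else "NEW"
            e.seen_reply = True        # first packet in the reply direction
            return "ESTABLISHED"
        if p.proto == "tcp" and not p.syn:
            return "INVALID"           # mid-stream TCP, no entry (tcp_loose=0)
        exp = (p.proto, p.src, p.dst, p.dport)
        expected = exp in self.expectations
        self.expectations.discard(exp) # an expectation is consumed once
        e = Entry(k, expected)
        self.table[k] = e
        self.table[(p.proto, p.dst, p.dport, p.src, p.sport)] = e
        return "RELATED" if expected else "NEW"


@dataclass(frozen=True)
class Rule:
    states: frozenset
    src: str = None      # None means "any source", like omitting -s
    proto: str = None    # None means "any protocol", like omitting -p
    target: str = "ACCEPT"


def run_chain(chain, policy, p, state):
    """First matching rule wins, otherwise the chain policy applies."""
    for r in chain:
        if state in r.states and r.src in (None, p.src) and r.proto in (None, p.proto):
            return r.target
    return policy


PI, PEER = "192.168.1.10", "192.168.1.69"   # constructed: the Pi and the host in the rule
OP_RULE = Rule(frozenset({"ESTABLISHED"}), src=PEER, proto="tcp")   # the poster's rule
USUAL_RULE = Rule(frozenset({"ESTABLISHED", "RELATED"}))            # the usual INPUT rule


def scenario():
    """Replay a few packets and record what each INPUT rule does with them."""
    ct = Conntrack()
    out = {}
    # Pi opens SSH to the peer (OUTPUT); the SYN/ACK is return traffic on INPUT.
    ct.classify(Packet("tcp", PI, 40000, PEER, 22, syn=True))
    reply = Packet("tcp", PEER, 22, PI, 40000)
    s = ct.classify(reply)
    out["ssh_reply"] = (s, run_chain([OP_RULE], "DROP", reply, s))
    # Peer tries to open a fresh connection to the Pi: no entry, SYN -> NEW.
    probe = Packet("tcp", PEER, 4444, PI, 80, syn=True)
    s = ct.classify(probe)
    out["unsolicited_syn"] = (s, run_chain([OP_RULE], "DROP", probe, s))
    # Stray ACK with no entry at all.
    stray = Packet("tcp", PEER, 5555, PI, 80)
    s = ct.classify(stray)
    out["stray_ack"] = (s, run_chain([OP_RULE], "DROP", stray, s))
    # Active-mode FTP: control on 21, helper expects data from server port 20.
    ct.classify(Packet("tcp", PI, 40001, PEER, 21, syn=True))
    ct.classify(Packet("tcp", PEER, 21, PI, 40001))
    ct.expect("tcp", PEER, PI, 50000)   # nf_conntrack_ftp saw "PORT ... 50000"
    data = Packet("tcp", PEER, 20, PI, 50000, syn=True)
    s = ct.classify(data)
    out["ftp_data"] = (s, run_chain([OP_RULE], "DROP", data, s),
                       run_chain([USUAL_RULE], "DROP", data, s))
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(name, result)
```

Running it shows the point of the two answers above: the SSH reply is ESTABLISHED and passes the poster's rule, the unsolicited SYN is NEW and falls through to the DROP policy, and the FTP data connection is RELATED, so it is only accepted once RELATED is in the state list (and, on a real box, only if the FTP helper module is loaded to register the expectation).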
