win32sux
01-04-2008 10:41 AM
Quote:
Originally Posted by adam_blackice
(Post 3011156)
I would ask about specifying the state of the connection for the iptables firewall, if it was NEW or ESTABLISHED or RELATED or even INVALID. So I want to ask, if I made a script that will allow only an ESTABLISHED or RELATED connection like this
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
so my question is: if I apply that to a server, will it prevent any new connections? Or, what I mean is, if it was a web or mail server and this rule was applied, how can clients make requests on this server? And thanks for all.
The iptables rules don't apply to connections - they apply to packets. Yes, if you only had a rule like that in your INPUT chain, then no new connections could be started with your box. In order to make certain exceptions (as in your web/mail example), you simply append rules for the relevant packets in state NEW, which are the ones used to start a connection. Example:
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p TCP --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -m state --state NEW -j ACCEPT
In this example, only incoming connections to our web and mail servers are allowed.
NOTE: The second rule allows all traffic on the loopback interface.
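To make the packet-versus-connection point concrete, here is a small added model (not from the original thread) of how conntrack classifies each packet as NEW, ESTABLISHED or INVALID and how the INPUT chain is walked rule by rule. It assumes a default INPUT policy of DROP, which the ruleset above relies on, and it simplifies conntrack to a set of already-seen flows.

```python
from dataclasses import dataclass
from typing import Optional, Set, List

@dataclass
class Packet:
    iface: str      # interface the packet arrived on
    proto: str      # "TCP"
    dport: int      # destination port
    syn: bool       # True for the first packet of a TCP connection
    src: str = "10.0.0.5"   # constructed sample client address

@dataclass
class Rule:
    target: str                      # ACCEPT or DROP
    states: Optional[Set[str]] = None  # -m state --state ...
    iface: Optional[str] = None        # -i ...
    proto: Optional[str] = None        # -p ...
    dport: Optional[int] = None        # --dport ...

class Conntrack:
    """Simplified state table: a flow is ESTABLISHED once an accepted packet was seen."""
    def __init__(self):
        self.seen = set()
    def state(self, pkt: Packet) -> str:
        if (pkt.src, pkt.proto, pkt.dport) in self.seen:
            return "ESTABLISHED"
        # Real conntrack may treat a mid-stream packet as NEW (nf_conntrack_tcp_loose);
        # this model calls any non-SYN packet for an unknown flow INVALID.
        return "NEW" if pkt.syn else "INVALID"
    def record(self, pkt: Packet) -> None:
        self.seen.add((pkt.src, pkt.proto, pkt.dport))

def walk_chain(rules: List[Rule], pkt: Packet, ct: Conntrack, policy="DROP") -> str:
    """Apply the first matching rule, like iptables; fall back to the chain policy."""
    st = ct.state(pkt)
    for r in rules:
        if r.states is not None and st not in r.states: continue
        if r.iface is not None and r.iface != pkt.iface: continue
        if r.proto is not None and r.proto != pkt.proto: continue
        if r.dport is not None and r.dport != pkt.dport: continue
        if r.target == "ACCEPT":
            ct.record(pkt)   # accepted packet creates the tracked flow
        return r.target
    return policy

# The questioner's single rule, and the answer's ruleset with NEW exceptions.
ONLY_ESTABLISHED = [Rule("ACCEPT", states={"RELATED", "ESTABLISHED"})]
WITH_EXCEPTIONS = ONLY_ESTABLISHED + [
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", proto="TCP", dport=80, states={"NEW"}),
    Rule("ACCEPT", proto="TCP", dport=25, states={"NEW"}),
]

def simulate(rules: List[Rule], packets: List[Packet]) -> List[str]:
    ct = Conntrack()
    return [walk_chain(rules, p, ct) for p in packets]
```

With only the RELATED,ESTABLISHED rule every SYN falls through to the DROP policy, so no flow ever becomes ESTABLISHED; adding the NEW rules for ports 80 and 25 lets the first packet in and then the state rule carries the rest of the connection.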