LinuxQuestions.org
Old 06-29-2016, 11:24 PM   #1
krishnar
LQ Newbie
 
Registered: May 2016
Posts: 21

Rep: Reputation: Disabled
iptables connection tracking


Hi Experts,

I am looking for some detailed explanation about iptables connection tracking.

krish@raspberrypi:~ $ sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED -s 192.168.1.69 -p tcp -j ACCEPT

I understand that this command will track the connection state and permit return traffic in the INPUT chain.

Can anyone please give a detailed explanation about this. What does the state RELATED do?

Krish
 
Old 06-30-2016, 08:16 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,272

Rep: Reputation: 4440
Quote:
Originally Posted by krishnar
Hi Experts,
I am looking for some detailed explanation about iptables connection tracking.

krish@raspberrypi:~ $ sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED -s 192.168.1.69 -p tcp -j ACCEPT

I understand that this command will track the connection state and permit return traffic in the INPUT chain. Can anyone please give a detailed explanation about this. What does the state RELATED do?

Any of the thousands of pages of easily-found documentation can give you a detailed explanation...did you try to look any of them up? And you only MENTION related, but don't actually use it in what you posted.
https://help.ubuntu.com/community/IptablesHowTo
http://www.iptables.info/en/connection-state.html
Code:
--ctstate - Define the list of states for the rule to match on. Valid states are:
NEW - The connection has not yet been seen.
RELATED - The connection is new, but is related to another connection already permitted.
ESTABLISHED - The connection is already established.
INVALID - The traffic couldn't be identified for some reason.
 
Old 06-30-2016, 10:45 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,091
Blog Entries: 3

Rep: Reputation: 178
A good example of a RELATED connection would be FTP. FTP connects on port 21 but transfers data over port 20. Thus in this case port 20 would be allowed provided it is configured properly.

You can look at what is being tracked using conntrack. You might have to install it first.

Last edited by lazydog; 06-30-2016 at 10:48 AM.
 
Old 06-30-2016, 02:28 PM   #4
AwesomeMachine
Senior Member
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 3,128

Rep: Reputation: 550
Usually you would use states, ESTABLISHED,RELATED on the input, and NEW,ESTABLISHED,RELATED on the output.
 
1 members found this post helpful.
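
An added example, not part of any post in this thread: a shell function that prints an iptables-restore ruleset combining the states discussed above (ESTABLISHED,RELATED on input, NEW,ESTABLISHED,RELATED on output, and the FTP case for RELATED). The DROP policies, the SSH port 22 rule, the function names, and the host acting as an FTP client with the nf_conntrack_ftp module available are assumptions for illustration; 192.168.1.69 is the address from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset
# that uses the conntrack states discussed above. Nothing is applied here.

# Succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# conntrack_ruleset PEER: PEER is the only host allowed to open new
# inbound connections (SSH on port 22 is an assumption for illustration).
conntrack_ruleset() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the FTP helper to outgoing control connections (port 21) so the
# data connection it negotiates is classified RELATED. Needs nf_conntrack_ftp.
-A OUTPUT -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# INVALID: packets conntrack cannot tie to any known connection.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Replies to tracked connections, plus helper-expected ones such as FTP data.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NEW inbound is accepted only from the named peer.
-A INPUT -s $1 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# This host may open connections and continue ones already tracked.
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the address used in the thread. To syntax-check it
# as root without committing: conntrack_ruleset 192.168.1.69 | iptables-restore --test
conntrack_ruleset 192.168.1.69
```

Once rules like these are loaded, `conntrack -L` (the tool mentioned in post #3) lists the entries that the ESTABLISHED and RELATED matches are evaluated against.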
  

