
On Mon, 2004-04-26 at 08:46, Gun Caundle wrote:
# (2) user-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
Is there another command I could use instead of '--state'? It is used in further parts of the script as well.
I am not aware of another command that implements the same functionality as state. Firewalling based on state requires the connection tracking module to be built and loaded. Check your kernel config to ensure that this module is enabled, then use lsmod to see if it is loaded (it's called ip_conntrack). If it is not loaded, use modprobe ip_conntrack (as root) to load it. The command above should work then.

Regards

--
Matt Brown
Email: matt(a)mattb.net.nz
GSM : 021 611 544
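
The checks described in the reply above (kernel config, then lsmod, then modprobe), as an added sketch that is not part of the original message. The option name CONFIG_IP_NF_CONNTRACK (2.4/2.6-era kernels), the function names, and the sample inputs are assumptions constructed for illustration; on a live system pass your kernel config file and /proc/modules.

```sh
#!/bin/sh
# Classify connection-tracking availability from two text inputs:
#   $1 = kernel config file, $2 = module list in /proc/modules format
# (lsmod prints the same list). Prints: loaded | builtin | not-loaded | disabled
conntrack_status() {
    config=$1
    modules=$2
    # Exact match on the first field, so ip_conntrack_ftp alone does not count.
    if awk '$1 == "ip_conntrack" { found = 1 } END { exit !found }' "$modules"; then
        echo loaded
        return 0
    fi
    # Assumed option name for ip_conntrack on 2.4/2.6 kernels.
    case $(grep '^CONFIG_IP_NF_CONNTRACK=' "$config" 2>/dev/null || true) in
        *=y) echo builtin ;;      # compiled in, never shows up in lsmod
        *=m) echo not-loaded ;;   # built as a module: modprobe ip_conntrack
        *)   echo disabled ;;     # not built: "-m state" cannot work
    esac
}

# Map the status to the next step from the reply (hypothetical helper).
conntrack_next_step() {
    case $1 in
        loaded|builtin) echo "none: -m state --state should work" ;;
        not-loaded)     echo "run as root: modprobe ip_conntrack" ;;
        *)              echo "enable connection tracking in the kernel config and rebuild" ;;
    esac
}

# Demo on constructed sample input (not taken from the thread).
tmp=$(mktemp -d)
printf 'CONFIG_IP_NF_CONNTRACK=m\n' > "$tmp/config"
printf 'ip_tables 16544 1 iptable_filter\n' > "$tmp/modules"
status=$(conntrack_status "$tmp/config" "$tmp/modules")
echo "status: $status -> $(conntrack_next_step "$status")"
rm -rf "$tmp"
```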