On Sat, Sep 20, 2003 at 06:05:01PM -0400, Matt Zimmerman wrote: > Subject: [SECURITY] [DSA-389-1] New ipmasq packages fix insecure > packet filtering rules | #$IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $IPOFIF/$NMOFIF -j ACCEPT | $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT This broke the port forwarding rules I have. I don't know what I'm doing, but now the forwarding rules I have in <rules/F10portfw.rul> don't help me (and if I reverse the comment above, things work again). | $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $EXTIP --dport 515 \ | -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 515 \ | -j DNAT --to $PRINTERIP:515 What should I do get port forwarding working with this security fix intact? Perhaps you only need to add "NEW" to the above state line? Please give me CCs, because I am not subscribed. -- Tom Goulet mail: uid0@em.ca UID0 Unix Consulting web: em.ca/uid0/
Attachment:
pgprlUI7BNjgM.pgp
Description: PGP signature