
Connection states information tables



Hi,
 I have a question concerning the tables where the information about
 the connection state is maintained.
 I configured my firewall script with the following lines, to permit
 SSH traffic originating from the protected zone to go to the Internet.

 iptables -A TCP_IN -i $INTERFACE -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

 iptables -A TCP_OUT -o $INTERFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

The custom chain TCP_IN is listed in the default INPUT chain.
The custom chain TCP_OUT is listed in the default OUTPUT chain.
The default policy for the INPUT and OUTPUT chains, as you can imagine,
is to DROP.

 My question is:
 How many state tables are used? One table for each main chain?
 One for INPUT and one for OUTPUT?

 I'm a bit confused..... :)

 Thanks
 Lorenzo


