
Re: ipchains X ipfw compatibility



On Wed, Apr 26, 2000 at 12:43:26PM -0400, Seth Vidal wrote:
> > 	I'm translating a set of firewall rules from a BSD-Unix that
> > uses ipfw to ipchains in linux 2.2.14.
> > 	I have a rule that states the following:
> > 
> > 	/sbin/ipfw add 1051 pass tcp from any to any established
> I think established is ! -y in ipchains speak
> established meaning - no syn flag
> 
> anyone else know for certain

Yup, that's the bunny. New incoming connections are characterised exactly by
having the SYN flag set, continuations of already-established connections
don't have it, so something like 
	ipchains -I input -p tcp ! -y -j ACCEPT
should do the trick. You might feel happier expressly putting 
	-s 0.0.0.0/0.0.0.0
	-d 0.0.0.0/0.0.0.0
in there as well to get the 'any's across.

~Tim
-- 
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++ 
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-	     
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | piglet@glutinous.custard.org
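
Added example, not part of the original message: a Python model of the two flag tests discussed in this thread, ipfw `established` and ipchains `! -y`, listing every TCP flag combination on which they disagree. The flag definitions follow the ipfw(8) and ipchains(8) manual wording and are assumptions to verify against your versions; all function names are hypothetical.

```python
# Added example: model of the TCP-flag tests behind ipfw `established`
# and ipchains `! -y`. Flag definitions are assumptions taken from the
# ipfw(8) / ipchains(8) man page wording; verify against your versions.
from itertools import product

FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def ipfw_established(flags):
    """ipfw `established`: RST or ACK bit set."""
    return "RST" in flags or "ACK" in flags


def ipchains_syn(flags, must_be_clear=("ACK", "FIN")):
    """ipchains `-y`: SYN set and the listed bits cleared."""
    return "SYN" in flags and not any(f in flags for f in must_be_clear)


def ipchains_not_syn(flags, must_be_clear=("ACK", "FIN")):
    """ipchains `! -y`: everything that `-y` does not match."""
    return not ipchains_syn(flags, must_be_clear)


def all_flag_sets():
    """Yield all 64 combinations of the six classic TCP flags."""
    for bits in product((False, True), repeat=len(FLAGS)):
        yield frozenset(f for f, on in zip(FLAGS, bits) if on)


def differences(must_be_clear=("ACK", "FIN")):
    """Return (accepted only by `! -y`, accepted only by `established`)."""
    only_ipchains, only_ipfw = [], []
    for fs in all_flag_sets():
        est, not_syn = ipfw_established(fs), ipchains_not_syn(fs, must_be_clear)
        if not_syn and not est:
            only_ipchains.append(fs)
        elif est and not not_syn:
            only_ipfw.append(fs)
    return only_ipchains, only_ipfw


if __name__ == "__main__":
    only_ipchains, only_ipfw = differences()
    for label, sets in (("! -y only", only_ipchains), ("established only", only_ipfw)):
        print(label)
        for fs in sorted(sets, key=lambda s: (len(s), sorted(s))):
            print("   ", "+".join(sorted(fs)) or "(no flags)")
```

Under these definitions the two tests agree on plain SYN, SYN+ACK and ACK segments. They differ only on segments that carry neither ACK nor RST (other than a bare SYN), which `! -y` accepts and `established` does not, and on SYN+RST without ACK or FIN, where the reverse holds.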

