Re: ipchains X ipfw compatibility
On Wed, Apr 26, 2000 at 12:43:26PM -0400, Seth Vidal wrote:
> > I'm translating a set of firewall rules from a BSD-Unix that
> > uses ipfw to ipchains in linux 2.2.14.
> > I have a rule that states the following:
> >
> > /sbin/ipfw add 1051 pass tcp from any to any established
> I think established is ! -y in ipchains speak
> established meaning - no syn flag
>
> anyone else know for certain
Yup, that's the bunny. New incoming connections are characterised exactly by
having the SYN flag set, continuations of already-established connections
don't have it, so something like

    ipchains -I input -p tcp ! -y -j ACCEPT

should do the trick. You might feel happier expressly putting

    -s 0.0.0.0/0.0.0.0
    -d 0.0.0.0/0.0.0.0

in there as well to get the 'any's across.
~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills, | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | piglet@glutinous.custard.org
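
Added example, not part of the original message or of either tool: a small Python model that compares ipfw's `established` with ipchains' `! -y` across every combination of the SYN, ACK, FIN and RST flags, to show where a translated rule set behaves differently. The two predicates follow the wording of the ipfw(8) and ipchains(8) man pages and are assumptions of this model; the function names are hypothetical.

```python
from itertools import combinations

FLAGS = ("SYN", "ACK", "FIN", "RST")


def ipfw_established(flags):
    """ipfw(8): 'established' matches TCP packets with RST or ACK set."""
    return "ACK" in flags or "RST" in flags


def ipchains_syn(flags):
    """ipchains(8): -y matches SYN set with ACK and FIN cleared.

    Assumption: modelled on the man page wording; verify against the
    kernel you are actually running before relying on corner cases.
    """
    return "SYN" in flags and "ACK" not in flags and "FIN" not in flags


def ipchains_not_syn(flags):
    """The '! -y' form used in the translated rule."""
    return not ipchains_syn(flags)


def disagreements():
    """Return (flags, ipfw_result, ipchains_result) where the rules differ."""
    out = []
    for n in range(len(FLAGS) + 1):
        for combo in combinations(FLAGS, n):
            flags = frozenset(combo)
            a, b = ipfw_established(flags), ipchains_not_syn(flags)
            if a != b:
                out.append((combo, a, b))
    return out


if __name__ == "__main__":
    print(f"{'flags':<16}{'ipfw established':<20}ipchains ! -y")
    for combo, a, b in disagreements():
        print(f"{'+'.join(combo) or '(none)':<16}{str(a):<20}{b}")
```

Both rules agree on the ordinary cases (a bare SYN is not matched, anything carrying ACK is). If exact parity with the ipfw rule matters, the combinations this prints are the ones to handle with explicit rules placed ahead of the accept rule.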