DROP or REJECT with STATE flags

To: debian-firewall@list.debian.org
Subject: DROP or REJECT with STATE flags
From: Theodore Knab <tjk@annapolislinux.org>
Date: Tue, 26 Apr 2005 09:21:17 -0400
Message-id: <[🔎] 20050426132117.GB15373@annapolislinux.org>

Is there any advantage/disadvantage of using state for DROPS and REJECTS ?

I noticed I had the following rules which I really don't understand on my
transparent bridge.`

IPTABLES="/sbin/iptables"
OINT="eth1"

$IPTABLES -I FORWARD -m state --state INVALID -j DROP
$IPTABLES  -A FORWARD  -p tcp -m state -m physdev --physdev-in $OINT -s 129.2.16.23/32 --destination-port 25 --state NEW,ESTABLISHED,RELATED -j REJECT 
$IPTABLES  -A FORWARD  -p tcp  -m state  -m physdev --physdev-in $OINT --destination-port 1:1024 --state NEW,ESTABLISHED,RELATED -j REJECT
$IPTABLES  -A FORWARD  -p udp  -m state  -m physdev --physdev-in $OINT --destination-port 1:1024 --state NEW,ESTABLISHED,RELATED -j REJECT


-- 
------------------------------------------
Ted Knab
Chester, Maryland  21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
humans extrapolate from simplifications.

Reply to:

Prev by Date: Re: RE: Error-Guard Support Request
Next by Date: Re: A query about interfaces
Previous by thread: Re: MPPE-encryption Bintec VPN25<=>sarge
Next by thread: Using NAT with multiple protocols
Index(es):
- Date
- Thread