DROP or REJECT with STATE flags
Is there any advantage/disadvantage of using state for DROPS and REJECTS?
I noticed I had the following rules which I really don't understand on my
transparent bridge.
IPTABLES="/sbin/iptables"
OINT="eth1"
$IPTABLES -I FORWARD -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -p tcp -m state -m physdev --physdev-in $OINT -s 129.2.16.23/32 --destination-port 25 --state NEW,ESTABLISHED,RELATED -j REJECT
$IPTABLES -A FORWARD -p tcp -m state -m physdev --physdev-in $OINT --destination-port 1:1024 --state NEW,ESTABLISHED,RELATED -j REJECT
$IPTABLES -A FORWARD -p udp -m state -m physdev --physdev-in $OINT --destination-port 1:1024 --state NEW,ESTABLISHED,RELATED -j REJECT
--
------------------------------------------
Ted Knab
Chester, Maryland 21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
humans extrapolate from simplifications.