On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> My script, previously plugged, does this with connection tracking.
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -m state --state INVALID -j DROP
Indeed though some people may prefer REJECT rather than DROP to be
polite to people identing them for instance (well and to speed up
outbound connection attempts where the other end attempts ident).
[ "Rule six: There is no... rule six." - Monty Python ]
Black Cat Networks. http://www.blackcatnetworks.co.uk/
- Re: firewall
- From: Tim Haynes <firstname.lastname@example.org>