Re: iptables and apt-get
Posted to announce in error... Here is my original post for security:
francois@tourde.org (François TOURDE) writes:
> I.R.van Dongen <vdongen@hetisw.nl> writes:
>
> > On Tue, 11 Mar 2003 14:48:20 -0000
> > "Ian Goodall" <ijg@iangoodall.co.uk> wrote:
> >
> > > All is fine now. Adding the line:
> > >
> > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > >
> > > fixes the problem. Does anyone know what this line does? I found this using
> > > an online script generator at http://www.iptables.1go.dk/index1.php.
> >
> > It accepts traffic back over the socket already created, so if you allow a connection from your machine to other_machine:80 this rule allows other_machine:80 to talk back to you (iaw give you an answer) over the same socket.
>
> It accepts the _related_ traffic too. For example ftp and ftp-data.
>
> But there is a side effect: if a website (for example) takes too long to reply, and you stop the browser request, then all the response packets will be rejected. So take care of your logs.
>
> --
> QOTD:
> "If I could walk that way, I wouldn't need the cologne, now would I?"
> --
> François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
> Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
> eMail: mailto:francois@tourde.org - URL: http://francois.tourde.org/
--
It may or may not be worthwhile, but it still has to be done.
--
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:francois@tourde.org - URL: http://francois.tourde.org/
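
An added example, not part of the original thread: a simplified Python model of the state match discussed above, covering replies to apt-get, related traffic, and replies that arrive after the tracking entry is gone. It assumes an INPUT policy of DROP (not stated in the thread); the class and function names and the addresses are constructed for illustration, and this is not netfilter's code.

```python
# Simplified model of stateful filtering on the INPUT chain (assumed policy: DROP).
# Not netfilter's code: timeouts, TCP flags and helpers are reduced to sets.

class Conntrack:
    def __init__(self):
        self.flows = set()      # (local_ip, local_port, remote_ip, remote_port)
        self.expected = set()   # (remote_ip, local_port) announced by a helper

    def outbound(self, lip, lport, rip, rport):
        """A locally generated packet leaves the host: the flow is now tracked."""
        self.flows.add((lip, lport, rip, rport))

    def expect(self, rip, lport):
        """A protocol helper (e.g. FTP) announces a related data connection."""
        self.expected.add((rip, lport))

    def forget(self, lip, lport, rip, rport):
        """The entry is removed (connection closed or timed out)."""
        self.flows.discard((lip, lport, rip, rport))

    def state(self, rip, rport, lip, lport):
        """Classify an inbound packet (real conntrack can also report INVALID)."""
        if (lip, lport, rip, rport) in self.flows:
            return "ESTABLISHED"
        if (rip, lport) in self.expected:
            return "RELATED"
        return "NEW"

def input_verdict(ct, packet, stateful_rule):
    """INPUT chain: optional ESTABLISHED,RELATED accept rule, then policy DROP."""
    if stateful_rule and ct.state(*packet) in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "DROP"

def demo():
    ct = Conntrack()
    host, mirror = "192.0.2.10", "198.51.100.5"   # constructed addresses
    ct.outbound(host, 40000, mirror, 80)          # apt-get opens HTTP to a mirror
    reply = (mirror, 80, host, 40000)
    results = {
        "reply_without_rule": input_verdict(ct, reply, False),
        "reply_with_rule": input_verdict(ct, reply, True),
    }
    ct.expect(mirror, 40001)                      # e.g. an FTP data channel
    results["related_data"] = input_verdict(ct, (mirror, 20, host, 40001), True)
    ct.forget(host, 40000, mirror, 80)            # request stopped, entry gone
    results["late_reply"] = input_verdict(ct, reply, True)
    results["unsolicited"] = input_verdict(ct, ("203.0.113.9", 4444, host, 22), True)
    return results
```

The late reply is dropped for the same reason as the unsolicited packet: nothing in the tracking table matches it any more, so drops of this kind in the logs need to be told apart from inbound probes.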