Instead of CAPITALS, I used lowercase letters as below.
iptables -A INPUT -i eth0 -d
192.168.101.60 -p tcp -m state --state established,related -j ACCEPT
But I cannot write -A INPUT as -a input; then it does not work.
Anyway, I would like to get more help with this.
I want to know whether "-m state --state established,related -j ACCEPT" works for all tcp, udp and icmp protocols, or only for tcp (for tcp it works).
I am testing the rule below. It is udp.
iptables -A OUTPUT -p udp -o eth0 --dport 53 -m state --state NEW -j ACCEPT
When I have the rule below in addition to the above, it works. If I remove it, it does not. WHY?
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
pls note that I have already added the rule below:
iptables -A INPUT -i eth0 -d
192.168.101.60 -p tcp -m state --state established,related -j ACCEPT
Before you ask anything about IPtables, print out the results from
pls see below:
[root@firebox rc.d]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere
firebox.itabspl.com state RELATED,ESTABLISHED
ACCEPT all -- localhost.localdomain localhost.localdomain
ACCEPT tcp -- anywhere
firebox.itabspl.com
tcp dpt:ssh
ACCEPT tcp -- anywhere
192.168.102.253 tcp dpt:ssh
ACCEPT icmp --
firebox.itabspl.com anywhere
ACCEPT icmp --
192.168.102.0/24 192.168.102.253
ACCEPT icmp --
66.94.234.13 anywhere
ACCEPT icmp --
64.233.189.104 anywhere
ACCEPT icmp --
203.143.4.1 anywhere
ACCEPT udp -- anywhere anywhere udp spts:traceroute:33523
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp type 30
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp --
192.168.102.0/24 anywhere udp dpt:domain
ACCEPT udp -- anywhere
192.168.102.0/24 udp spt:domain
ACCEPT udp --
192.168.100.3 anywhere udp dpt:domain
ACCEPT udp -- anywhere
192.168.100.3 udp spt:domain
ACCEPT tcp --
192.168.102.25 anywhere multiport dports ssh,smtp,domain,http,https,pop3,imap
ACCEPT tcp --
192.168.102.0/24 anywhere multiport dports http,https
ACCEPT tcp --
192.168.100.3 anywhere multiport dports smtp,http,https
ACCEPT icmp --
192.168.102.25 64.233.189.104
ACCEPT icmp --
64.233.189.104
192.168.102.25
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- localhost.localdomain localhost.localdomain
ACCEPT tcp --
firebox.itabspl.com anywhere tcp dpt:ssh
ACCEPT udp --
firebox.itabspl.com anywhere udp dpt:domain state NEW
ACCEPT tcp --
firebox.itabspl.com anywhere tcp dpt:domain
ACCEPT tcp --
firebox.itabspl.com anywhere tcp spt:ssh
ACCEPT tcp --
192.168.100.253 anywhere tcp spt:ssh
ACCEPT tcp --
192.168.102.253 anywhere tcp spt:ssh
ACCEPT icmp -- anywhere
firebox.itabspl.com
ACCEPT icmp --
192.168.102.253 192.168.102.0/24
ACCEPT icmp -- anywhere
66.94.234.13
ACCEPT icmp -- anywhere
64.233.189.104
ACCEPT udp -- anywhere anywhere udp dpts:traceroute:33523
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp type 30
ACCEPT icmp -- anywhere
203.143.4.1