Bevan C. Bennett wrote:
Rick Stevens wrote:
Those first 6 rules could be rewritten as two:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport
137:139 -j ACCEPT
Saves space and typing. ;-)
And since it's documented that 137 and 138 use UDP and 139 uses TCP, you
could save *4* more characters with:
-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
Even if you want to leave the "-m state --state NEW" on the tcp-139
line, I'd leave it off of the udp on general principles, and because I
know it works that way.
Thanks Rick and Bevan for correcting my buggy firewall rules. Now I
have an itch to read the man page and do some more googling as needed:)
Thanks,
Dale
