Rick Stevens wrote:
Those first 6 rules could be rewritten as two:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137:139 -j ACCEPT
Saves space and typing. ;-)
And since it's documented that 137 and 138 use UDP and 139 uses TCP, you could save *4* more characters with:
-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
Even if you want to leave the "-m state --state NEW" on the tcp-139 line, I'd leave it off of the udp on general principles, and because I know it works that way.
Please explain. OK, this is a request for an iptables tutorial. And BTW, I'm buying, but I'm still asking for the sales pitch ;).
Andrew
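The consolidation Rick describes by hand (six single-port rules collapsed into two `--dport` ranges) can be done mechanically over `iptables-save` output. The script below is an added example, not code from this thread or from any distribution's firewall tooling. It groups rules that are identical apart from the `--dport` number, collapses consecutive ports into `a:b` ranges, and, because iptables evaluates rules in order, refuses to hop a rule over an intervening rule that could match the same packets (same `-p`, or no `-p` at all). It does not know that 137/138 are UDP and 139 TCP; trimming the ranges to the documented protocols stays a human decision. The sample rule set is constructed for the example; the ports and chain name follow the thread, the extra `-s 192.0.2.0/24 -j DROP` and port 80/81 rules are assumptions added to show where merging must stop.

```python
"""Collapse single-port iptables rules into --dport ranges (added example)."""
import re

# Constructed sample in iptables-save syntax, not taken from the page. The six
# NetBIOS rules mirror the ones the thread collapses; the DROP and port 80/81
# rules are assumptions added to exercise the ordering check.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

DPORT_RE = re.compile(r"--dport (\d+)(?!\S)")   # a single port, not an a:b range
PROTO_RE = re.compile(r"(?:^|\s)-p (\S+)")


def proto_of(line):
    """Protocol the rule matches, or None when it has no -p (matches all protocols)."""
    m = PROTO_RE.search(line)
    return m.group(1) if m else None


def parse_rule(line):
    """Return (template, port) for a single-port rule; template has '{port}' for the number."""
    m = DPORT_RE.search(line)
    if not m:
        return None
    return line[:m.start(1)] + "{port}" + line[m.end(1):], int(m.group(1))


def contiguous_runs(ports):
    """Sort and collapse ports into inclusive (low, high) runs: [139,137,138,80] -> [(80,80),(137,139)]."""
    runs = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


def merge_rules(text):
    """Return the rule list with mergeable single-port rules replaced by range rules."""
    lines = [l for l in text.splitlines() if l.strip()]
    parsed = [parse_rule(l) for l in lines]
    protos = [proto_of(l) for l in lines]

    # Group rule indices by template, i.e. by everything except the port number.
    groups = {}
    for i, p in enumerate(parsed):
        if p is not None:
            groups.setdefault(p[0], []).append(i)

    emit = {}      # index of a sub-group's first member -> merged rule strings
    drop = set()   # indices absorbed into a merged rule

    def flush(sub, template):
        if len(sub) < 2:
            return   # nothing to merge
        ports = [parsed[i][1] for i in sub]
        emit[sub[0]] = [template.replace("{port}", f"{a}:{b}" if a != b else str(a))
                        for a, b in contiguous_runs(ports)]
        drop.update(sub[1:])

    for template, idxs in groups.items():
        proto = protos[idxs[0]]
        # Members may only be pulled together when every rule between them is
        # disjoint on protocol; a same-protocol or protocol-less rule in between
        # could match the same packets, so it ends the current sub-group.
        sub = [idxs[0]]
        for prev, cur in zip(idxs, idxs[1:]):
            blocked = any(j not in idxs and protos[j] in (proto, None)
                          for j in range(prev + 1, cur))
            if blocked:
                flush(sub, template)
                sub = [cur]
            else:
                sub.append(cur)
        flush(sub, template)

    result = []
    for i, line in enumerate(lines):
        if i in emit:
            result.extend(emit[i])
        elif i not in drop:
            result.append(line)
    return result


if __name__ == "__main__":
    print("\n".join(merge_rules(SAMPLE_RULES)))
```

On the sample the tcp and udp NetBIOS rules each collapse to one `137:139` rule, the tcp port 80 rule joins the tcp group (only udp rules sit between them), but the tcp port 81 rule is left alone because the protocol-less `-s 192.0.2.0/24 -j DROP` rule in front of it would otherwise be bypassed. Review the output before loading it with `iptables-restore`; the script preserves match semantics, not intent.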