Am Fr, den 09.01.2004 schrieb Rick Stevens um 03:16: [ snip - longer list of iptables rules] > Those first 6 rules could be rewritten as two: > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport > 137:139 -j ACCEPT > -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport > 137:139 -j ACCEPT Just for the archives: though it is seen so often - just google for iptables scripts and you will find it - to use rules for protocol type UDP with -m state makes no sense. UDP is, in opposition to TCP, a stateless protocoll and this way does not know anything about NEW or ESTABLISHED or what else. > Saves space and typing. ;-) > ---------------------------------------------------------------------- > - Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx - > - VitalStream, Inc. http://www.vitalstream.com - Alexander -- Alexander Dalloz | Enger, Germany PGP key valid: made 13.07.1999 PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
