Joe Tseng wrote:
> I recall seeing an example rule where the person allowed all established
> connections; it went something like this:
>
>   iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> Is this a safe generic rule to have? Or is it better for me to state
> every case explicitly?

Good, safe, and should be first. Rules are processed in order, so you
reduce the overhead by putting the most likely case first, in this case
ESTABLISHED.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
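
An added example, not part of the original message: a constructed iptables-restore ruleset that puts the RELATED,ESTABLISHED rule from the thread first in INPUT and states each new inbound connection explicitly, plus a check that reports where that rule sits in a chain. The default DROP policy, the loopback rule, ports 22 and 443, and the function names emit_ruleset and established_position are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed ruleset, not taken from the original thread.
# Ports 22 and 443 are assumed services; replace them with your own.

# Print the filter table in iptables-restore format. Nothing is applied,
# so this runs without root. To validate the syntax on a real host:
#   emit_ruleset | iptables-restore --test
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the 1-based position, within the given chain, of the first rule
# that matches ESTABLISHED state. Prints 0 if the chain has no such rule.
established_position() {
    chain=$1
    emit_ruleset | awk -v chain="$chain" '
        $1 == "-A" && $2 == chain {
            n++
            if ($0 ~ /--state [A-Z,]*ESTABLISHED/ && !pos) pos = n
        }
        END { print pos + 0 }'
}

# Show the ruleset, then report the rule position on stderr.
emit_ruleset
echo "ESTABLISHED rule position in INPUT: $(established_position INPUT)" >&2
```

With the policy set to DROP, the first rule only passes traffic for connections that one of the explicit NEW rules (or an outbound connection from the host) already allowed.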