On Thu, Dec 27, 2012 at 11:28:15AM +0000, Graham Murray wrote:
> The problem is not really the OP's fault. The problem is that if you
> have tables with the form "-m state --state XXX" at the point you
> upgrade, iptables-save (quite possibly called automatically by
> /etc/init.d/iptables stop) will save it as "-m state --state" - i.e.
> 'forgetting' which state(s) the rule applies to.
Thanks for pointing that out. I looked back at an archived version, and it had stuff like...

-A ICMP_IN -p icmp -m state --state NEW -j UNSOLICITED
-A TCP_IN -p tcp -m state --state NEW -m tcp -j UNSOLICITED
-A UDP_IN -p udp -m state --state NEW -j UNSOLICITED

I.e. new external connection attempts were rejected, except for my LAN, which bypasses this rule so I can scp/ssh etc. between my machines. No wonder I was puzzled by what I saw.

-- 
Walter Dnes <waltd...@waltdnes.org>
I don't run "desktop environments"; I run useful applications
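The failure mode described in this thread (a saved ruleset in which "-m state --state" has lost its argument) is easy to catch before the rules are reloaded. The following is an added example, not part of the original thread: a small POSIX shell check that scans an iptables-save dump for "--state" tokens that are not followed by a valid state list. The dump it runs on is a constructed sample that mirrors the rules quoted above, with one rule deliberately damaged the way the upgrade damaged them; the function and variable names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of an iptables-save dump. The second rule has lost the
# argument to --state, which is exactly what the thread describes; the other
# two are intact. This is example data, not a dump from the original poster.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:ICMP_IN - [0:0]
-A ICMP_IN -p icmp -m state --state NEW -j UNSOLICITED
-A TCP_IN -p tcp -m state --state -m tcp -j UNSOLICITED
-A UDP_IN -p udp -m state --state NEW,RELATED -j UNSOLICITED
COMMIT'

# Valid values for the state match, as a comma-separated list.
STATE_WORD='(NEW|ESTABLISHED|RELATED|INVALID|UNTRACKED)'

# Read an iptables-save dump on stdin and print every line that uses --state
# without a well-formed state list after it. Exit status 0 when at least one
# broken rule was found (grep semantics), 1 when the dump is clean.
find_stateless_rules() {
    grep -- '--state' \
        | grep -Ev -- "--state[[:space:]]+${STATE_WORD}(,${STATE_WORD})*([[:space:]]|\$)"
}

# Number of broken rules in the constructed sample; 0 means the dump is clean.
count_broken_in_sample() {
    printf '%s\n' "$SAMPLE_RULES" | find_stateless_rules | wc -l | tr -d ' '
}

# Stand-alone run: list the damaged rules from the sample, if any.
printf '%s\n' "$SAMPLE_RULES" | find_stateless_rules || echo "no damaged --state rules found"
```

In practice the check would be fed the real saved ruleset (for example, `iptables-save | find_stateless_rules`, or the file the init script writes) before running iptables-restore, so that a damaged dump is noticed rather than silently loaded as a ruleset that no longer distinguishes new connections from established ones.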