Alexander N wrote:

We know that very well.
But what was said above has nothing to do with it.
So that is why I asked.

this "beast" means the following:

Forward all legitimate responses to forwarded traffic.

This match directive says that only
connections defined by the kernel will be created. The kernel
maintains state of connection definitions and no new connection
types can be constructed or defined because they will be rejected.
There are four states that can be used: INVALID, ESTABLISHED, NEW,
and RELATED. Invalid means that the packet is associated with no
known stream or connection and could be a partial or corrupted
header. Established means that the packet is part of an already
established connection and is also a valid packet. New means that
the packet has or will start a new connection and that the
connection previously did not exist. Related means that the packet
is starting a new connection and is associated with an already
established connection. An example of this would be the FTP
protocol. When a control ftp connection is created, it correlates
to a new connection. When a file is transferred via ftp a second
connection, or related connection, is created to transfer the data
across the wire.

Do you even read the thread, or do you just write automatically because your fingers are itching?

The man wrote:
"+ of course, permission in the FORWARD table for RELATED connections
  and NEW connections, but only from 'inside to outside;"

which I imagine as:

iptables -A FORWARD -i $internal_interface -o $external_interface -m state --state RELATED,NEW -j ACCEPT

which, in my opinion, makes no sense and will not work.

Георги Александров
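
An added example, not part of the original post: a small Python model of first-match evaluation in the FORWARD chain, run over the conntrack states of a TCP handshake, comparing the rule quoted above with a ruleset that also accepts ESTABLISHED. The interface names, the DROP chain policy, the second ruleset and the sample packets are assumptions made for this example.

```python
# Minimal model of first-match evaluation in the FORWARD chain.
# Interface names and the DROP policy are assumptions for this example.
INT, EXT = "eth1", "eth0"

def verdict(rules, pkt, policy="DROP"):
    """Return the target of the first rule matching pkt, else the chain policy."""
    for rule in rules:
        if (rule.get("in") in (None, pkt["in"])
                and rule.get("out") in (None, pkt["out"])
                and pkt["state"] in rule["states"]):
            return rule["target"]
    return policy

# The rule as written in the post: only RELATED,NEW, only inside -> outside.
POSTED = [{"in": INT, "out": EXT, "states": {"RELATED", "NEW"}, "target": "ACCEPT"}]

# Assumed alternative for comparison:
#   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A FORWARD -i $internal_interface -o $external_interface \
#            -m state --state NEW -j ACCEPT
STATEFUL = [
    {"states": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"in": INT, "out": EXT, "states": {"NEW"}, "target": "ACCEPT"},
]

# Constructed sample: a TCP handshake started by an inside host, then an
# unsolicited inbound SYN. "state" is what conntrack assigns to each packet.
PACKETS = [
    ("SYN out",      {"in": INT, "out": EXT, "state": "NEW"}),
    ("SYN/ACK back", {"in": EXT, "out": INT, "state": "ESTABLISHED"}),
    ("ACK out",      {"in": INT, "out": EXT, "state": "ESTABLISHED"}),
    ("inbound SYN",  {"in": EXT, "out": INT, "state": "NEW"}),
]

def walk(rules):
    """Verdict for every sample packet, in order."""
    return [verdict(rules, pkt) for _, pkt in PACKETS]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("stateful", STATEFUL)):
        for (label, _), v in zip(PACKETS, walk(rules)):
            print(f"{name:9} {label:13} {v}")
```

In this model, once the first packet has been forwarded, every later packet of the flow is ESTABLISHED, so a rule matching only RELATED,NEW accepts the opening SYN and nothing after it.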

