> Hi,
> if I'm trying to use state match with the above-mentioned statement to
> allow only established and/or related connections, but also new
> connections get through!
> Full statement is:
>
> iptables -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -p tcp --source-port 1025:65500 --destination-port 1025:65500 -m state --state ESTABLISHED,RELATED -s $LAN -j ACCEPT
This looks fine to me and should, like you want, allow anything above 1024. However, connections to reserved ports need to be dropped too, or the default policy has to be adjusted accordingly.

bj
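To illustrate the point made in the reply, here is an added example (not posted by either participant) of a FORWARD-chain ruleset in which the state match actually has an effect: the chain's default policy is set to DROP, so a NEW packet that fails to match the ESTABLISHED,RELATED rule is dropped instead of falling through to an ACCEPT policy. The interface names, the LAN prefix and the `IPT` variable are assumptions for illustration; setting `IPT=echo` prints the commands instead of applying them, so the script can be inspected without root.

```shell
#!/bin/sh
# Added example, not from the thread. Variable names and the example
# network 192.168.1.0/24 are constructed placeholders.
IPT="${IPT:-iptables}"
INTERNAL_INTERFACE="${INTERNAL_INTERFACE:-eth1}"
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
LAN="${LAN:-192.168.1.0/24}"

forward_rules() {
    # 1. Default policy DROP: anything no rule ACCEPTs is dropped. Without
    #    this (or an explicit final DROP), a NEW packet that the
    #    ESTABLISHED,RELATED rule does not match simply falls through and
    #    is forwarded by an ACCEPT policy, which is the symptom described.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # 2. The LAN may open new outbound connections. This is the only rule
    #    that matches state NEW, and only in the inside->outside direction.
    $IPT -A FORWARD -i "$INTERNAL_INTERFACE" -o "$EXTERNAL_INTERFACE" -s "$LAN" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Traffic from outside is forwarded only if it belongs to a
    #    connection the LAN already opened (replies, related ICMP, etc.).
    $IPT -A FORWARD -i "$EXTERNAL_INTERFACE" -o "$INTERNAL_INTERFACE" -d "$LAN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. Log (rate-limited) whatever falls through before the policy drops it,
    #    so unexpected new connections show up in the log instead of passing.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Dry-run helper: print the rules instead of applying them.
dry_run() {
    (IPT=echo; forward_rules)
}

# How many generated rules accept state NEW? Exactly one is expected here;
# if a ruleset lets new inbound connections through, some other rule or
# the chain policy is accepting them, not the ESTABLISHED,RELATED match.
count_new_accepts() {
    dry_run | grep -c -- '--state NEW'
}
```

Run it as root to apply the rules, or as `IPT=echo sh script.sh` (or by calling `dry_run`) to review the generated commands first.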
