I have other rules also, but in that case (it's just an example) I'm just wondering if somehow the stateful command of iptables influences the routing (like mark) or something like that... What is the effect of -m state --state NEW, or others, on the iptables command structure and algorithm?
Indeed, what actually happens if we do -j ACCEPT (this one line only)? Does that have an effect on the network kernel function? Thanks, Harry

> In your situation, some points should be clarified.
>
> As your rules are not dropping anything, the two given rules will do what
> they are proposed to do, but the default ACCEPT will let all the other
> connections pass through. Are they useless ?? Of course not ... they WILL do
> what they are supposed to do. Those rules will work despite any default
> rule. But, in this situation, allowing some packets and later allowing
> everything makes your rules somehow nonsense .....
>
> Other thing .... if you get a machine with these two rules and DROP as
> default action, your machine will be completely inaccessible. You should note
> that in INPUT you're not allowing NEW connections, that means this machine
> will only receive 'return' packets from its own connections. Nobody will be
> able to establish an arbitrary connection to this machine. Although, you're
> applying RELATED,ESTABLISHED on the OUTPUT rule, which means this machine can ONLY
> answer connections, and never generate new ones.
>
> So, your INPUT rule is trying to deny all new connections and pass through
> only locally generated connections. But OUTPUT is trying to allow ONLY already
> established connections and drop all locally originated ones. This absolutely
> won't work !!!
>
> And, just in case, don't forget to set an appropriate default rule for your
> chains ........
>
> Sincerely,
> Leonardo Rodrigues
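The rule set Leonardo describes, worked through as an added example (not from the original thread) in a small Python model of how the filter table evaluates a packet. It is an illustration of the mechanism, not iptables code: `-m state` (the old alias of `-m conntrack --ctstate`) only reads the connection-tracking table; it sets no marks and changes no routing. A chain is walked top to bottom, the first matching rule with a terminating target such as ACCEPT decides the packet, and the chain policy applies when nothing matches. The host addresses, the four sample packets and the simplified state logic (only a SYN opens a tracked flow, RELATED is not modelled) are assumptions of the example.

```python
"""Toy model of iptables filter-chain traversal with connection tracking.

Added example, not from the original thread. It shows:
  * first-match traversal, terminating ACCEPT, chain policy as fallback
  * how -m state --state NEW / ESTABLISHED is decided from the conntrack table
  * why INPUT and OUTPUT both limited to RELATED,ESTABLISHED with policy DROP
    pass nothing, while with policy ACCEPT the same rules change nothing
Simplifications (assumptions): only a SYN can open a tracked flow, ports are
ignored, and RELATED (ICMP errors, helper-tracked data channels) is not modelled.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Packet:
    chain: str   # "INPUT" (addressed to this host) or "OUTPUT" (locally generated)
    src: str
    dst: str
    syn: bool    # True for a TCP SYN that may open a connection

    def flow(self) -> frozenset:
        # Direction-independent connection key
        return frozenset((self.src, self.dst))


class Conntrack:
    """Per flow, remember which source endpoints have already sent packets."""

    def __init__(self) -> None:
        self.table: Dict[frozenset, Set[str]] = {}

    def state(self, pkt: Packet) -> str:
        seen = self.table.get(pkt.flow())
        if seen is None:
            # Untracked flow: a SYN may start it, anything else is INVALID
            return "NEW" if pkt.syn else "INVALID"
        if seen == {pkt.src}:
            # Traffic so far only in the original direction: still NEW
            return "NEW"
        # Reply direction, or traffic already seen both ways
        return "ESTABLISHED"

    def confirm(self, pkt: Packet) -> None:
        # An accepted packet creates or updates the conntrack entry
        self.table.setdefault(pkt.flow(), set()).add(pkt.src)


@dataclass
class Rule:
    target: str
    states: Optional[frozenset] = None   # None: no -m state match, matches everything


@dataclass
class Chain:
    policy: str                            # iptables -P <chain> <policy>
    rules: List[Rule] = field(default_factory=list)


def traverse(chain: Chain, pkt: Packet, ct: Conntrack) -> str:
    """Walk the chain top to bottom; first match wins, else the policy."""
    st = ct.state(pkt)
    verdict = chain.policy
    for rule in chain.rules:
        if rule.states is None or st in rule.states:
            verdict = rule.target     # ACCEPT/DROP are terminating targets
            break
    if verdict == "ACCEPT":
        ct.confirm(pkt)
    return verdict


def run_scenario(policy: str, output_states: List[str]) -> Dict[str, str]:
    """INPUT accepts RELATED,ESTABLISHED; OUTPUT accepts `output_states`.

    Returns the verdict for four constructed packets (addresses are assumed).
    """
    est_rel = frozenset({"RELATED", "ESTABLISHED"})
    chains = {
        "INPUT": Chain(policy, [Rule("ACCEPT", est_rel)]),
        "OUTPUT": Chain(policy, [Rule("ACCEPT", frozenset(output_states))]),
    }
    ct = Conntrack()
    me, client, server = "10.0.0.1", "192.0.2.7", "198.51.100.9"
    packets = [
        ("inbound SYN", Packet("INPUT", client, me, syn=True)),    # someone connects to us
        ("our reply", Packet("OUTPUT", me, client, syn=False)),    # our answer to them
        ("outbound SYN", Packet("OUTPUT", me, server, syn=True)),  # we connect out
        ("their reply", Packet("INPUT", server, me, syn=False)),   # server answers us
    ]
    return {name: traverse(chains[p.chain], p, ct) for name, p in packets}


if __name__ == "__main__":
    quoted = ["RELATED", "ESTABLISHED"]
    print("quoted rules, policy ACCEPT:", run_scenario("ACCEPT", quoted))
    print("quoted rules, policy DROP:  ", run_scenario("DROP", quoted))
    print("OUTPUT also allows NEW, DROP:", run_scenario("DROP", ["NEW"] + quoted))
```

With policy ACCEPT every packet is accepted whether or not a rule matched, which is why the two rules add nothing there. With policy DROP and the quoted rules, the inbound SYN is NEW and INPUT has no NEW rule, the outbound SYN is NEW and OUTPUT has no NEW rule, so no flow is ever confirmed and nothing is ever ESTABLISHED. Adding NEW to the OUTPUT rule lets the host open connections and receive their replies while still refusing connections initiated from outside.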
