On Saturday 13 April 2002 10:15 pm, Miguel wrote:

> A novice doubt.......
>
> Please, I want to know how iptables works in this case?
>
> iptables -A FORWARD -f -j ACCEPT -s xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx

This will forward all packets from the specified source address which are going to the specified destination address. Both addresses must match.

> Does it analyse only the IP header?

Yes, IPtables only looks at packet headers (yes, there is a STRING match which looks at the contents, but it's not as useful as you might think - see several posts in the archives about this).

> and in this case is it the same?
>
> iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT -s
> xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx

This is more strict than the previous example. This will only forward packets from the specified source address, to the specified destination address, and which are part of an established connection (i.e. new connections will not get accepted by this rule). It's hard to think why you might want to use a rule like this on a live machine.

> Does iptables reassemble every fragment packet which comes through?

You do not need to worry about fragment reassembly - this is done for you (not actually by IPtables; it's done by the Linux IP stack, I believe).

Antony.
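An added illustration, not part of the original thread: the `-s`, `-d` and `-f` tests in the first rule all read fields of the IPv4 header, and the iptables man page documents `-f` as restricting a rule to second and further fragments. The Python model below evaluates that match on constructed headers; the addresses are documentation-range placeholders and the function names are hypothetical.

```python
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # the 20-byte fixed IPv4 header

def parse_ipv4_header(raw: bytes) -> dict:
    """Extract the header fields that -s, -d and -f look at."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, _, _, src, dst = struct.unpack(IPV4_FMT, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,      # in 8-byte units
    }

def rule_matches(raw: bytes, src: str, dst: str, fragment=None) -> bool:
    """Model of `-s src -d dst` plus `-f` (True), `! -f` (False) or no test (None)."""
    hdr = parse_ipv4_header(raw)
    if hdr["src"] not in ipaddress.ip_network(src):
        return False
    if hdr["dst"] not in ipaddress.ip_network(dst):
        return False
    if fragment is None:
        return True
    # -f means "second or further fragment": the fragment offset is non-zero.
    return (hdr["frag_offset"] != 0) == fragment

def build_header(src: str, dst: str, frag_offset: int = 0, more_fragments: bool = False) -> bytes:
    """Constructed sample header; checksum is left 0 because the match ignores it."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset
    return struct.pack(IPV4_FMT, 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

SRC, DST = "192.0.2.10", "198.51.100.20"          # placeholder addresses
SAMPLES = {
    "unfragmented":   build_header(SRC, DST),
    "first fragment": build_header(SRC, DST, 0, more_fragments=True),
    "later fragment": build_header(SRC, DST, 185),
    "other source":   build_header("192.0.2.99", DST, 185),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15s} -f: {rule_matches(raw, SRC, DST, True)!s:5s} "
              f"no -f: {rule_matches(raw, SRC, DST)}")
```

On a machine with connection tracking loaded, packets are normally reassembled before they reach the filter table, so a rule with `-f` may never see a fragment to match.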
