On Thu, May 16, 2002 at 06:51:05PM +0100, [EMAIL PROTECTED] wrote:

> Hi,
> 
> Looking over example IPTables rulesets dotted around the Internet, a lot of
> them ACCEPT packets that are in state ESTABLISHED or RELATED, and DROP those
> in the NEW state, and that tends to form the basis of the simplest INPUT or
> FORWARD tables.
> 
> However, they don't seem to mention the INVALID state anywhere. I presume
> this is a problem unless the policy for the relevant chain is DROP.  Is this
> an oversight on the part of those config authors, or am I missing something?

Basically, INVALID traffic should be denied. You can put this denial rule
at the very beginning of your rule set but following the structure you
mentioned above and having a DROP default policy should take care of this
as well.

Ramin

> 
> -- 
> FunkyJesus System Administration Team
> 
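
The point made in this thread, as an added example that is not part of the original messages: a small audit over `iptables-save` output that reports, per built-in filter chain, whether INVALID packets meet an explicit DROP/REJECT rule, fall through to a DROP policy, or are left unhandled. The sample ruleset and the names `sample_ruleset` and `audit_invalid` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state NEW -j DROP
-A OUTPUT -m state --state INVALID -j DROP
COMMIT
EOF
}

# Reads iptables-save text on stdin; prints "<chain> <verdict>" per built-in chain.
# Limitation: a broad ACCEPT rule placed earlier in a chain can still accept
# INVALID packets; this check only looks for explicit INVALID rules and policy.
audit_invalid() {
  awk '
    /^\*/ { table = substr($1, 2) }
    # Chain declarations; user-defined chains have policy "-" and are skipped.
    table == "filter" && /^:/ && $2 != "-" {
      chain = substr($1, 2); policy[chain] = $2; order[++n] = chain
    }
    table == "filter" && $1 == "-A" {
      states = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (("," states ",") ~ /,INVALID,/ && (target == "DROP" || target == "REJECT"))
        explicit[$2] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        c = order[k]
        if (c in explicit)          print c, "explicit-drop"
        else if (policy[c] == "DROP") print c, "policy-drop"
        else                        print c, "UNHANDLED"
      }
    }'
}

# On a live host: iptables-save | audit_invalid
sample_ruleset | audit_invalid
```

The FORWARD chain in the sample is the case the question asks about: ESTABLISHED/RELATED accepted, NEW dropped, but with an ACCEPT policy nothing stops INVALID packets.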
