On Tue, August 25, 2009 8:44 am, Wade Preston Shearer wrote:
>> /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> I don't see the 'm' flag in the man file. What exactly is this
> original option doing? What do related and established do?

-m loads a module. In this case the 'state' module. 'RELATED' and 'ESTABLISHED' are flags based on connections. Packets unrelated to an existing connection have a state of 'NEW'. Packets relating to an already established connection are either RELATED or ESTABLISHED.

Since you clearly allowed the connection to get created in the first place, it's a good idea to just go ahead and pass them through early in your chain to save on processing.

Also, it helps prevent you shooting yourself in the foot by, say, breaking your SSH accept rule with a change. If you don't have the RELATED,ESTABLISHED rule, you can suddenly cut off your remote connection by changing your ssh accept rule. If you have the above mentioned rule, even if you turn off the main ssh accept, your connection will still be allowed, and you won't lose your connection.

-- 
Matthew Walker
Kydance Hosting & Consulting, Inc. - http://www.kydance.net/
PHP, Perl, and Web Development - Linux Server Administration

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
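
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified Python model of an ordered, first-match chain with connection tracking (not real netfilter code). The Firewall class, the port-22 accept rule and the addresses are assumptions made for illustration, and RELATED is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, rules, policy="DROP"):
        self.rules = list(rules)   # ordered (match_fn, target) pairs, first match wins
        self.policy = policy       # verdict when no rule matches
        self.conntrack = set()     # flows that have already been accepted

    @staticmethod
    def _key(pkt):
        # Direction-independent flow key (both endpoints of the connection)
        return frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])

    def state(self, pkt):
        # Packets of a tracked flow are ESTABLISHED, everything else is NEW
        return "ESTABLISHED" if self._key(pkt) in self.conntrack else "NEW"

    def filter(self, pkt):
        st = self.state(pkt)
        verdict = next((t for match, t in self.rules if match(pkt, st)), self.policy)
        if verdict == "ACCEPT":
            self.conntrack.add(self._key(pkt))
        return verdict

# Models: -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
STATE_RULE = (lambda p, st: st in ("RELATED", "ESTABLISHED"), "ACCEPT")
# Hypothetical SSH accept rule: anything addressed to port 22
SSH_RULE = (lambda p, st: p.dport == 22, "ACCEPT")

def ssh_session_after_rule_removal(with_state_rule):
    """Open an SSH session, remove the SSH rule, then test old and new flows."""
    rules = ([STATE_RULE] if with_state_rule else []) + [SSH_RULE]
    fw = Firewall(rules)
    session = Packet("198.51.100.7", 50000, "192.0.2.10", 22)  # constructed addresses
    first = fw.filter(session)      # session is opened through the SSH rule
    fw.rules.remove(SSH_RULE)       # the admin breaks or removes the SSH rule
    later = fw.filter(session)      # next packet of the already open session
    fresh = fw.filter(Packet("198.51.100.7", 50001, "192.0.2.10", 22))  # new attempt
    return first, later, fresh

if __name__ == "__main__":
    print("with state rule:   ", ssh_session_after_rule_removal(True))
    print("without state rule:", ssh_session_after_rule_removal(False))
```

The same mechanism means that deleting an accept rule does not end sessions that are already tracked; only new connections are refused.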
