On Thu, 2010-10-21 at 08:31 -0600, Kenneth Burgener wrote:
> Is there a logical reason why not to have it this way?

The nice thing about the tests I put at the top (-i lo and -p icmp) is that they can be decided by just looking at the packet, no need to check the state table before deciding. (Well, as long as you ignore the fact that Wade is rate limiting ping.) In addition, I like to also put the -i lo test first just to make sure I don't forget it. It's pretty important for a Linux system to be able to talk to itself.
