Assuming for both server and client a restrictive INPUT and open OUTPUT policy, i.e.:

    iptables -P INPUT DROP

And from iptables-extensions(8), applied to the example of FTP in active mode:

NEW: The packet has started a new connection or is otherwise associated with a connection which has not seen packets in both directions.

The client on port 50000 (any random unprivileged port) connects to the FTP server on port 21. The server would need at least this rule to accept the incoming connection (the -p tcp is required for --dport to be recognised):

    iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT

ESTABLISHED: The packet is associated with a connection which has seen packets in both directions.

Now on the client side, the client opened an outgoing connection to the server on port 21 using local port 50000, and it needs the following rule to allow the response to arrive from the server (21) to the client (50000):

    sudo iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

RELATED: The packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer or an ICMP error.