[Firehol-support] are the generated rules optimized?
Bernhard Gruen
bjmg at h0t.de
Thu Mar 13 22:45:29 GMT 2003
Hi,
I have a question about some generated rules on my firewall setup.
There is a rule:
-A in_home_samba_c21 -p tcp -m tcp --sport 139 --dport 1024:4999 -m state --state ESTABLISHED -j ACCEPT
Now I am thinking that a rule like
-A in_home_samba_c21 -m state --state ESTABLISHED,RELATED -j ACCEPT
should do the same job? Am I right?
I think this because a (related) packet that is from an established
connection is already checked by the TCP/IP protocol (TCP sequence
number and so on).
Bernhard
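
Added example (not part of the original post, and not FireHOL's own code): a small Python model of the match criteria carried by the two rule specs quoted above, evaluated over constructed packets to show which traffic each spec would accept. It models only the options that appear in the post, not chain traversal; the second spec is written with "-m state" so that it is valid iptables syntax, and the packet set and its conntrack states are assumptions.

```python
import shlex

# Rule specs from the post, chain name dropped (constructed strings).
NARROW = ("-p tcp -m tcp --sport 139 --dport 1024:4999 "
          "-m state --state ESTABLISHED -j ACCEPT")
BROAD = "-m state --state ESTABLISHED,RELATED -j ACCEPT"

def parse(spec):
    """Turn a rule spec into a dict of the match criteria it carries."""
    crit = {}
    toks = shlex.split(spec)
    for opt, val in zip(toks[::2], toks[1::2]):  # each option here takes one value
        if opt == "-p":
            crit["proto"] = val
        elif opt in ("--sport", "--dport"):
            lo, _, hi = val.partition(":")
            crit[opt[2:]] = (int(lo), int(hi or lo))
        elif opt == "--state":
            crit["state"] = set(val.split(","))
        elif opt not in ("-m", "-j"):            # module/target add no criterion
            raise ValueError(f"unsupported option {opt}")
    return crit

def matches(crit, pkt):
    """True if the packet satisfies every criterion present in the rule."""
    if "proto" in crit and pkt["proto"] != crit["proto"]:
        return False
    for key in ("sport", "dport"):
        if key in crit:
            lo, hi = crit[key]
            if pkt[key] is None or not lo <= pkt[key] <= hi:
                return False
    return pkt["state"] in crit.get("state", {pkt["state"]})

# Constructed packets with the conntrack state assumed for each.
PACKETS = {
    "samba reply":     dict(proto="tcp", sport=139, dport=2048, state="ESTABLISHED"),
    "other tcp reply": dict(proto="tcp", sport=80, dport=2048, state="ESTABLISHED"),
    "udp reply":       dict(proto="udp", sport=53, dport=2048, state="ESTABLISHED"),
    "icmp error":      dict(proto="icmp", sport=None, dport=None, state="RELATED"),
    "new tcp from 139": dict(proto="tcp", sport=139, dport=2048, state="NEW"),
}

def compare():
    """Map each packet name to (accepted by NARROW, accepted by BROAD)."""
    n, b = parse(NARROW), parse(BROAD)
    return {name: (matches(n, p), matches(b, p)) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (narrow, broad) in compare().items():
        print(f"{name:17} narrow={narrow!s:5} broad={broad}")
```
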