> iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
You should restrict RELATED to ICMP. For TCP and UDP, RELATED can
open up your internal network to the outside world (depending on what
firewall helpers you have loaded).
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment