Re: [TCLUG:13767] IPCHAINS again...

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:13767] IPCHAINS again...
From: Yaron <jethro@yaron.org>
Date: Mon, 21 Feb 2000 08:32:27 -0600 (CST)
In-Reply-To: <Pine.LNX.4.10.10002210738340.18372-100000@paoli.math.umn.edu>

  Hi,

On Mon, 21 Feb 2000, Peter Lukas wrote:

> Unlike CheckPoint, IPCHAINS isn't stateful, so you'll need to enable
> inbound replies (the easiest is to do the -y flag in your inbound rule).

Yup, figured it out now.

> Fortunately, the upcoming IPTABLES is stateful and has flags for
> "established" and "related."  I've been playing around with it for a while
> and it can simplify the rulebase a great deal.

I _do_ feel like a bit of an idiot for figuring out IPCHAINS instead of
just figuring out netfilters. Yes, I know netfilters is compatible, but
I haven't been able to get it to work perfectly yet, and I should've just
focused on that! Oh well.

-Yaron

--

Follow-Ups:
- Re: [TCLUG:13767] IPCHAINS again...
  - From: Scott Dier - dieman <dieman@ringworld.org>

References:
- Re: [TCLUG:13767] IPCHAINS again...
  - From: Peter Lukas <peter@math.umn.edu>

Prev by Date: Re: [TCLUG:13767] IPCHAINS again...
Next by Date: format for cron.deny?
Prev by thread: Re: [TCLUG:13767] IPCHAINS again...
Next by thread: Re: [TCLUG:13767] IPCHAINS again...
Index(es):
- Date
- Thread