slitaz-tools rev 804

/etc/slitaz/firewall.sh: use conntrack, state is obsolete
author Richard Dunbar <mojo@slitaz.org>
date Fri Apr 26 13:25:01 2013 +0000 (2013-04-26)
parents fc41098293ec
children a1290b22987c
files etc/slitaz/firewall.sh
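--- a/etc/slitaz/firewall.sh
+++ b/etc/slitaz/firewall.sh
@@ -20,10 +20,10 @@
 iptables -A INPUT -s $LOCAL_NETWORK -j ACCEPT
 
 # Accept near all output trafic.
-iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
 
 # Accept input trafic only for connections initialized by user.
-iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -m conntrack  --ctstate RELATED,ESTABLISHED -j ACCEPT
 
 # If you manage a HTTP/SSH/FTP/IRC server you can accept input for
 # non-established connections an some ports. Else you can disable the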
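Review bot: The comment above the new INPUT rule (`--ctstate RELATED,ESTABLISHED`) says it admits only connections initialized by the user, but RELATED also covers flows that conntrack associates with an existing connection, such as ICMP errors and helper-tracked data channels (FTP, IRC DCC), so what is accepted depends on which conntrack helpers are loaded. I would reword it to `# Accept replies to connections opened from this host, plus RELATED flows (ICMP errors, helper-tracked data channels).` and drop the doubled space after `conntrack` so both rules read alike. The switch also assumes the running kernel provides the conntrack match. The rest of the script is outside this hunk, so it is worth confirming that a failed `iptables` call is noticed rather than silently leaving a partial ruleset.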