[plug] masq script

Adam Hewitt ahewitt at globaldial.com
Thu Dec 18 09:22:01 WST 2003


On 18/12/2003, at 9:08 AM, Ryan wrote:

> Likewise, I've been ignoring this thread ... but that line is correct 
> if
> you specify a direction and then accept everything in the reverse.  I'm
> at work now with my limited plug archives, so this might have already
> been covered - but it looks like maybe it wasn't.
>
> My usage of it contains out->in interfaces, then an in->out accept for
> everything:
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
>
> Up to you, NEW would certainly do it but I've more commonly seen the
> above representation of it - probably for manageability and granularity
> of lock-down reasons.
>
> Ryan

That was actually what I meant, I just didn't explain it properly (at 
all??)

Its too early to be making any kind of sense

Adam.




More information about the plug mailing list