From: Matthias Hanft
Date: Thu, 27 Dec 2012 18:52:13 +0100
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPTABLES syntax change?
Message-ID: <50DC8ACD.1080204@hanft.de>
In-Reply-To: <50DC7914.8060705@orlitzky.com>

Michael Orlitzky wrote:
>
> My first -m state rule is,
>   iptables -A INPUT -p ALL -m state \
>     --state ESTABLISHED,RELATED -j ACCEPT

That was mine, too (you can omit -p in this case, can't you?).

> And if what you say is true, I'd be in deep shit if it reset to,
>   iptables -A INPUT -p ALL -m state -j ACCEPT
> without a warning.

It *was* reset here. I just noticed it reading this discussion.
Don't exactly know what the "stateless" rule did (perhaps just
nothing?), but since I didn't notice it for a pretty long time, it
can't have been all too bad?! At least, it didn't crash the whole
system :-)

But I would have appreciated at least an update notice, too!

-Matt
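
A check for the condition discussed in this thread, as an added example that is not part of the original message: it scans iptables-save-format text for rules that load the state or conntrack match but carry no --state / --ct* option. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: find saved rules where "-m state" (or "-m conntrack")
# is present but the state list is missing, as described in the thread.

# find_stateless_rules: reads iptables-save text on stdin and prints
# "table:rule" for every -A rule that loads the state/conntrack match
# without --state or any --ct* option.
find_stateless_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / {
            uses = 0; has = 0
            for (i = 1; i <= NF; i++) {
                if (($i == "-m" || $i == "--match") &&
                    ($(i + 1) == "state" || $(i + 1) == "conntrack"))
                    uses = 1
                # conntrack has several options (--ctstate, --ctproto, ...),
                # so any --ct* option counts as the match being constrained.
                if ($i == "--state" || $i ~ /^--ct/)
                    has = 1
            }
            if (uses && !has)
                print table ":" $0
        }
    '
}

# sample_ruleset: constructed iptables-save output with one rule that
# has lost its --state argument.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a live host, run as root:
#   iptables-save | find_stateless_rules
sample_ruleset | find_stateless_rules
```

Running the same check against the saved rules file before and after an iptables upgrade shows whether any rule changed in this way.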