  1. #11
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471

    I know this doesn't really solve your problem, but I'd like to say that you should probably just drop the whole INVALID filter. I believe that the attacks that this sort of filter is meant to prevent are decades old and simply aren't a problem anymore.

    The question is "why are these packets being marked as invalid?", but a better question is, "do I really need this filter in the first place?". For an effort/reward ratio I would say get rid of it.

  2. #12
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672

    Quick look at your rules shows me that you have one hell of a mess for rules. All your ESTABLISHED,RELATED rules will never match because you do not have any NEW rules adding information to the db that iptables looks at for the established connections. You should take another look at your rules and figure out what you really need and trash the rest. You might also think about limiting the packets that get logged and how often. Not sure why you are doing what you are but what are you looking to do with this firewall? Are you just reading something online and then adding them to your rules?

    Here is a document you should read: IPTABLES TUTORIAL

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
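
An added example, not taken from either poster or from the rules discussed in the thread: a shell function that prints an iptables-restore ruleset pairing NEW rules with an ESTABLISHED,RELATED rule and rate-limiting the INVALID log line, along the lines the second post suggests. The ports, the 5/min rate, the log prefix and the use of `-m conntrack` are assumptions; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset on stdout, applies nothing.
# Ports, log rate and log prefix are assumptions, not values from the thread.

# valid_port PORT -> status 0 if PORT is a decimal integer in 1..65535.
# Leading zeros are rejected because iptables may parse them as octal.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset LOG_RATE PORT... -> prints the filter table, or fails
# before printing anything if a port is not valid.
build_ruleset() {
    rate=$1; shift
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Packets belonging to tracked connections are accepted first.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # INVALID: log at a bounded rate, then drop every such packet.
    echo "-A INPUT -m conntrack --ctstate INVALID -m limit --limit $rate --limit-burst 10 -j LOG --log-prefix \"INVALID: \""
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # NEW rules: only these TCP ports may open a connection.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

build_ruleset 5/min 22 443
```

The output can be reviewed and then loaded with `iptables-restore`; the log rule sits before the drop rule so that logging is throttled while every INVALID packet is still dropped.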
