
SBDavid

iptables and Connection Tracking

iptables includes a module that allows administrators to inspect and restrict connections to services available on an internal network using a method called connection tracking.

NEW - A packet requesting a new connection, such as an HTTP request.

ESTABLISHED - A packet that is part of an existing connection.

RELATED - A packet that is requesting a new connection but is part of an existing connection, such as passive FTP connections where the connection port is 20, but the transfer port can be any unused port 1024 or higher.

INVALID - A packet that is not part of any connections in the connection tracking table.

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

The example above shows a rule that uses connection tracking to forward only the packets that belong to an established connection, or that are related to one.
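As an added example (not part of the original post), here is a complete stateful FORWARD policy built from the four states above: INVALID is dropped, ESTABLISHED/RELATED is accepted, and NEW is accepted only for a few outbound services. The interface names (eth0 as WAN, eth1 as LAN) and the permitted ports are assumptions.

```shell
#!/bin/sh
# Added example: stateful FORWARD policy for a small router.
# WAN/LAN interface names and the allowed services are assumptions.
WAN=${WAN:-eth0}   # untrusted side
LAN=${LAN:-eth1}   # internal network

# Emit the rules instead of applying them, so the policy can be reviewed
# (or self-checked) without root. "-m conntrack --ctstate" is the current
# spelling of the page's "-m state --state"; the state names are the same.
stateful_forward_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "fwd-invalid: "
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "fwd-drop: "
EOF
}
# Order matters: INVALID is rejected before anything is accepted, the
# ESTABLISHED,RELATED rule comes next so reply traffic never reaches the
# per-service NEW rules, and the final LOG records what the DROP policy eats.
# The raw-table CT rule attaches the FTP helper explicitly; recent kernels no
# longer auto-assign helpers, and without it passive-FTP data connections
# would be classified NEW (and dropped) instead of RELATED.

# Number of rules that consult the conntrack table (used by the self-check).
conntrack_rule_count() {
    stateful_forward_rules | grep -c -- '--ctstate'
}

# Apply only when explicitly asked: needs root and the FTP helper module.
if [ "${1:-}" = "--apply" ]; then
    modprobe nf_conntrack_ftp
    stateful_forward_rules | sh -e
else
    stateful_forward_rules
fi
```

Run with `--apply` as root to load the rules; without it the script only prints them for review.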