Loopback
-A INPUT -i lo -j ACCEPT
Obsolete extensions:
• -m state: replaced by -m conntrack
• -j NOTRACK: replaced by -j CT --notrack (from 2.6.35)
TCP flag checks
-A INPUT (-p tcp) -m conntrack --ctstate INVALID -j badflags
State tracking
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
Комментариев нет:
Отправить комментарий