1

I have a unique situation. Let's say my webserver (e.g. 10.0.0.2) is connected to eth0 of my firewall (gw 10.0.0.1). A local network (192.168.0.0/24) is also connected to eth1 (192.168.0.1/24) of my firewall. Now I want to allow traffic from the web server initialized from the internal network. How should I use the iptables command to do this? Is there a --state option that specifies an INITIALIZED state?

4
  • Just use RELATED/ESTABLISHED. Commented Oct 4, 2014 at 3:07
  • perturb.org/content/iptables-rules.html Commented Oct 4, 2014 at 3:11
  • @ChrisDown ok, so there is no actual INITIALIZED state? RELATED/ESTABLISHED should cover the INITIALIZED state, right? Commented Oct 4, 2014 at 3:12
  • @TylerMaginnis that's actually a nice tool, thanks. Commented Oct 4, 2014 at 3:15

1 Answer

0

You can try adding the following rules to your iptables firewall:

$ sudo iptables -A INPUT -p tcp --dport 80 -s 192.168.0.0/24 -m state \
     --state NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --sport 80 -d 192.168.0.0/24 -m state \
     --state ESTABLISHED -j ACCEPT
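The LAN-initiated-only policy the question asks for, written as an added example (not code from the question or the answer above): a shell function that emits an iptables-restore fragment for the FORWARD chain, where traffic that passes through the firewall is actually matched. Interface names eth0/eth1, the web-server address 10.0.0.2 and port 80 are assumptions taken from the question.

```shell
#!/bin/sh
# Added example, not code from the original question or answer. It emits an
# iptables-restore fragment for the firewall in the question: the LAN
# 192.168.0.0/24 on eth1 may open TCP/80 to the web server 10.0.0.2 on eth0,
# and only replies to those connections are let back. Interface names, the
# web-server address and port 80 are assumptions taken from the question.
#
# Traffic passing *through* the firewall is matched in FORWARD, not in
# INPUT/OUTPUT (those only see packets to or from the firewall host itself),
# and forwarding must be enabled (sysctl net.ipv4.ip_forward=1).
# conntrack knows NEW (first packet of a connection), ESTABLISHED (a
# connection it has already seen), RELATED (helper-opened connections such as
# FTP data) and INVALID; there is no INITIALIZED state. "-m state --state" in
# the answer is the older spelling of "-m conntrack --ctstate".

# gen_forward_rules LAN_IF LAN_NET WEB_IF WEB_IP PORT
gen_forward_rules() {
    lan_if=$1; lan_net=$2; web_if=$3; web_ip=$4; port=$5
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $web_if -s $lan_net -d $web_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $web_if -o $lan_if -s $web_ip -m conntrack --ctstate NEW -j LOG --log-prefix "web-to-lan NEW: "
-A FORWARD -i $web_if -o $lan_if -s $web_ip -m conntrack --ctstate NEW -j DROP
COMMIT
EOF
}

# Number of ACCEPT rules in the generated ruleset (expected: 2, the
# ESTABLISHED,RELATED rule and the LAN-to-web NEW rule).
count_accept_rules() {
    gen_forward_rules "$@" | grep -c -- "-j ACCEPT"
}

# Succeeds only if no rule lets the web server (argument 4) open a NEW
# connection towards the LAN; such attempts are logged and dropped instead.
web_cannot_initiate() {
    if gen_forward_rules "$@" | grep -- "-s $4 " | grep -- "ctstate NEW" | grep -q -- "-j ACCEPT"; then
        return 1
    fi
    return 0
}
```

Check the generated fragment with `gen_forward_rules eth1 192.168.0.0/24 eth0 10.0.0.2 80 | sudo iptables-restore --test` before loading it for real; without `--noflush`, iptables-restore replaces the whole filter table, so merge in any existing INPUT/OUTPUT rules first.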
