iptables: difference between NEW, ESTABLISHED and RELATED packets

http://serverfault.com – Part of a firewall on a server:

    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 100 --hitcount 10 -j DROP

When I search online I always see NEW being used in that rule, but I'm having a hard time understanding why ESTABLISHED and RELATED aren't being used. Like this:

    iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -m recent --set
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -m recent --update --seconds 100 --hitcount
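The following is an added illustration, not code from the serverfault post: a small Python model of the two rules quoted above, written to show what changes when the state match is widened from NEW to NEW,ESTABLISHED,RELATED. Conntrack labels a packet NEW when it opens a connection conntrack has not seen before, ESTABLISHED when it belongs to a connection that has already carried traffic in both directions, and RELATED when it opens a new connection spawned by an existing one (an FTP data channel, for example). The recent-list bookkeeping below is a deliberately simplified stand-in for the xt_recent match rather than the kernel's code, the fall-through ACCEPT is assumed, and every traffic sample is constructed.

```python
# Added illustration (not from the serverfault post): a simplified model of the
# two rules above, used to show why they match only NEW packets. The hitcount
# bookkeeping is a simplified model of the xt_recent match, not the kernel's
# code; all traffic samples below are constructed.
from collections import defaultdict

SECONDS = 100   # --seconds 100 from the rules
HITCOUNT = 10   # --hitcount 10 from the rules


class RecentList:
    """Per-source timestamps, a simplified stand-in for the xt_recent list."""

    def __init__(self, seconds, hitcount):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """-m recent --set: record a hit for this source at time `now`."""
        self.stamps[src].append(now)

    def update_hit(self, src, now):
        """-m recent --update --seconds S --hitcount N: True when the source has
        at least N hits within the last S seconds (older stamps are discarded)."""
        window = [t for t in self.stamps[src] if now - t <= self.seconds]
        self.stamps[src] = window
        return len(window) >= self.hitcount


def run_chain(packets, states):
    """Walk (time, src, conntrack_state) packets through the two rules and return
    one verdict per packet. `states` is the set listed by the rules' --state
    option, e.g. {"NEW"} or {"NEW", "ESTABLISHED", "RELATED"}. Packets that are
    not dropped are assumed to reach a later ACCEPT rule for port 22."""
    recent = RecentList(SECONDS, HITCOUNT)
    verdicts = []
    for now, src, state in packets:
        if state in states:
            recent.set(src, now)                 # rule 1 fires first (--set)
            if recent.update_hit(src, now):      # rule 2: --update ... -j DROP
                verdicts.append("DROP")
                continue
        verdicts.append("ACCEPT")
    return verdicts


def brute_force_attempts(n, spacing=5, src="203.0.113.7"):
    """Constructed sample: n separate SSH connection attempts from one source,
    each a NEW packet, `spacing` seconds apart."""
    return [(i * spacing, src, "NEW") for i in range(n)]


def normal_session(n_packets, src="198.51.100.4"):
    """Constructed sample: one legitimate SSH session, a NEW packet followed by
    n_packets ESTABLISHED packets one second apart (keystrokes, output, etc.)."""
    return [(0, src, "NEW")] + [(1 + i, src, "ESTABLISHED") for i in range(n_packets)]


if __name__ == "__main__":
    # Rules as written (NEW only): the 10th attempt within 100 s is the first one
    # dropped, while a long-lived session is never counted after its first packet.
    print(run_chain(brute_force_attempts(12), {"NEW"}))
    print(run_chain(normal_session(30), {"NEW"}))
    # Rules matching ESTABLISHED too: the session's own 10th packet trips the limit.
    print(run_chain(normal_session(30), {"NEW", "ESTABLISHED", "RELATED"}))
    # Attempts spread 20 s apart never accumulate 10 hits inside the 100 s window.
    print(run_chain(brute_force_attempts(12, spacing=20), {"NEW"}))
```

Running the script shows the practical difference: with NEW only, the recent list counts connection attempts, so a single interactive session of thirty packets is never dropped while the tenth attempt inside 100 seconds is; with ESTABLISHED included, every data packet of one legitimate session adds a hit and the session cuts itself off at its tenth packet. Note also that because the --set rule sits before the --update check, the counting packet itself is included in the window, so the threshold is reached on attempt number ten rather than eleven.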