[BBLISA] Troubleshooting iptables/netfilter problems
Chuck Anderson
cra at WPI.EDU
Fri Feb 28 15:52:50 EST 2014
On Fri, Feb 28, 2014 at 12:14:30PM -0500, John P. Rouillard wrote:
> I have not seen this, but you could simplify the rule and remove
>
> "-m state --state NEW"
>
> for testing to see if the problem goes away. That should eliminate any
> issues with the state setup and allow all ldap traffic to pass
> through.
I vote for this as a permanent solution. Why would you want netfilter
to track state on inbound connections to a server in most cases? Are
you also filtering outbound replies or do you have a default-allow
outbound ruleset?