Question:

My /etc/sysconfig/iptables like this (default of Centos RHEL)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT

I want to ask about this rule:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

if I replace this rule by a sorter rule:
-A RH-Firewall-1-INPUT -p tcp –dport 22 -j ACCEPT
so, the firewall also run well

So, why it needs ‘long form’ like that?

Thank you!

Solution:

HI,

In any case “-m state –state NEW -m tcp” is not compulsory but its recommended to avoid many type of attacks.

Pl. visit following URL for more information.

http://www.guard-privacy-and-online-security.com/denial-of-service-attack-stateful-firewall.html

http://www.informit.com/articles/article.aspx?p=373431