firewall - povoleni https

[Roman DAVID]

Jiri Drasnar wrote:
> Predpokladal jsem, ze bude stacit povolit 
> nasledujici (obdoba povoleni poru 80):
> 
> iptables -A FORWARD -i eth0 -p tcp --sport 443 -j ACCEPT
> iptables -A FORWARD -i eth1 -p tcp --dport 443 -j ACCEPT
> 
> eth0 - internet
> eth1 - vnitrni sit
>

nema tam byt jeste -m tcp ?
tzn.:
iptables -A FORWARD -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
dale by melo stacit:
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

a melo by to fachcit, pokud to neprebije nejake jine pravidlo.
RELATED tam ani nemusi byt, pokud jde o https.

Roman DAVID