authorEric Brown <ecbrown@ericcbrown.com>2021-05-30 22:00:52 +0100
committerArun Isaac <arunisaac@systemreboot.net>2021-06-04 00:11:47 +0530
commitecbfa206091574f913a1914447bad79206eff548 (patch)
tree350a0606d15651b22973901a1deeff2660c41066
parent9703a51048fbc1d322595d676ff0d63b1eb89304 (diff)
doc: Fix example iptables configuration.
* doc/guix.texi (Networking Services): Allow established and related incoming
connections in example iptables configuration.

Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
-rw-r--r--doc/guix.texi2
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index ed442d3f9b..eb64518a95 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16450,6 +16450,7 @@ configuration rejecting all incoming connections except those to the ssh port
 :INPUT ACCEPT
 :FORWARD ACCEPT
 :OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 COMMIT
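Review bot: The example still has no accept rule for the loopback interface, so the final REJECT on INPUT refuses new connections to any local service over 127.0.0.1 other than ssh. The added conntrack rule only admits packets that belong to or relate to an existing connection, so it does not cover this. Consider adding `-A INPUT -i lo -j ACCEPT` ahead of the REJECT line, here and in the IPv6 rules of the second hunk. A short sentence in the surrounding text, which begins outside the hunk, could explain that the conntrack rule is what lets replies to outgoing connections back in.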
@@ -16458,6 +16459,7 @@ COMMIT
 :INPUT ACCEPT
 :FORWARD ACCEPT
 :OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
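Review bot: In the IPv6 rules the final REJECT still appears to catch ICMPv6 neighbour discovery and router advertisements. As far as I know conntrack does not classify those as ESTABLISHED or RELATED, so a host using this example verbatim may lose IPv6 reachability once its neighbour cache entries expire. Consider adding `-A INPUT -p ipv6-icmp -j ACCEPT` before the REJECT line, or a narrower set of ICMPv6 types along the lines of RFC 4890. The documentation should also say that IPv6 depends on ICMPv6 in a way IPv4 does not depend on ICMP.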