Tags: network-programming, tcp, firewall

The common Firewall rule "RELATED,ESTABLISHED"


I for some reason have a difficult time understanding the Firewall rule "RELATED, ESTABLISHED" that you put on the Input chain on a webserver firewall. If the Firewall only allows incoming traffic that is related or established, wouldn't this rule block SYN packets since they aren't related to an earlier connection or in an established connection?

I'm sure the answer is right in front of my nose, I just need it to click.

Thanks!


Solution

  • Input chain ... wouldn't this rule block SYN packets since they aren't related to an earlier connection or in an established connection?

    Correct. This rule is designed to not allow incoming new connections, but allow packets which are related to a connection which was established from inside.

    Of course, for a webserver such a rule by itself would not make the server accessible from outside. If this is intended there should be an additional rule to make access to the server possible, but only restricted to the port(s) of the server.
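To make the answer concrete, here is an added example (not code from the question or the answer above) that models a heavily simplified connection tracker and the usual three-rule INPUT chain: accept RELATED,ESTABLISHED, accept NEW TCP to the web ports, drop everything else. It walks the same packets through the chain with and without the port rule, so you can see that the state rule alone drops the client's SYN, while the extra port rule lets it through and all later packets of that flow then match ESTABLISHED. The addresses, ports and the `Packet`/`Conntrack` classes are constructed for the example; the state logic is a toy approximation of nf_conntrack, not the real thing.

```python
"""Toy model of netfilter conntrack plus this INPUT chain (added example):

    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    -P INPUT DROP

Flows are keyed by a 5-tuple seen in either direction; that is far simpler
than the real TCP state machine, but enough to show why the state rule
alone drops a client's SYN while still letting replies come back in.
"""
from dataclasses import dataclass
from typing import Optional, Set, Tuple

FiveTuple = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str                                  # "tcp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                             # tcp: "SYN", "SYN-ACK", "ACK"
    icmp_error_for: Optional[FiveTuple] = None  # icmp error quoting a flow


class Conntrack:
    """Minimal stand-in for nf_conntrack: remembers flows by 5-tuple."""

    def __init__(self) -> None:
        self.flows: Set[FiveTuple] = set()

    @staticmethod
    def key(p: Packet) -> FiveTuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def reverse(k: FiveTuple) -> FiveTuple:
        proto, src, sport, dst, dport = k
        return (proto, dst, dport, src, sport)

    def known(self, k: FiveTuple) -> bool:
        return k in self.flows or self.reverse(k) in self.flows

    def state(self, p: Packet) -> str:
        if p.icmp_error_for is not None:
            # an ICMP error that quotes a tracked flow is RELATED to it
            return "RELATED" if self.known(p.icmp_error_for) else "INVALID"
        if self.known(self.key(p)):
            return "ESTABLISHED"          # either direction of a tracked flow
        if p.proto == "tcp" and p.flags != "SYN":
            # simplification: a non-SYN packet for an unknown flow is INVALID
            return "INVALID"
        return "NEW"

    def track(self, p: Packet) -> None:
        self.flows.add(self.key(p))


SERVER = "203.0.113.10"          # constructed: the web server's own address
WEB_PORTS = frozenset({80, 443})  # the port(s) the answer says to open


def input_chain(ct: Conntrack, p: Packet, allowed_ports=WEB_PORTS):
    """Evaluate the INPUT chain for a packet arriving at SERVER.

    Returns (ctstate, verdict). Pass allowed_ports=frozenset() to see the
    RELATED,ESTABLISHED rule on its own, without the extra port rule.
    """
    st = ct.state(p)
    if st in ("RELATED", "ESTABLISHED"):
        verdict = "ACCEPT"
    elif st == "NEW" and p.proto == "tcp" and p.dport in allowed_ports:
        verdict = "ACCEPT"
    else:
        verdict = "DROP"      # chain policy
    if verdict == "ACCEPT":
        ct.track(p)           # accepted packets confirm the conntrack entry
    return st, verdict


def output_chain(ct: Conntrack, p: Packet) -> str:
    """OUTPUT stays at ACCEPT; its job here is to create the entry that
    lets the peer's reply come back in as ESTABLISHED."""
    ct.track(p)
    return "ACCEPT"


def run_scenario():
    """Push a handful of constructed packets through the chain."""
    ct = Conntrack()
    client, peer = "198.51.100.23", "192.0.2.44"   # constructed addresses
    log = []

    def inbound(label, p, **kw):
        log.append((label,) + input_chain(ct, p, **kw))

    syn = Packet("tcp", client, 40000, SERVER, 80, "SYN")
    inbound("SYN to :80, state rule only", syn, allowed_ports=frozenset())
    inbound("SYN to :80, with port rule", syn)
    inbound("ACK to :80", Packet("tcp", client, 40000, SERVER, 80, "ACK"))
    inbound("SYN to :22", Packet("tcp", client, 40001, SERVER, 22, "SYN"))
    out = Packet("tcp", SERVER, 51000, peer, 443, "SYN")   # server dials out
    output_chain(ct, out)
    inbound("SYN-ACK from peer", Packet("tcp", peer, 443, SERVER, 51000, "SYN-ACK"))
    inbound("ICMP error for outbound flow",
            Packet("icmp", peer, 0, SERVER, 0, icmp_error_for=Conntrack.key(out)))
    inbound("unsolicited SYN-ACK", Packet("tcp", peer, 443, SERVER, 51001, "SYN-ACK"))
    return log


if __name__ == "__main__":
    for label, st, verdict in run_scenario():
        print(f"{label:32} {st:12} {verdict}")
```

The first two log entries are the whole point of the thread: the same SYN is NEW either way, and only the port rule turns the verdict from DROP to ACCEPT. Everything after that, including the SYN-ACK reply to a connection the server itself opened and an ICMP error quoting that flow, is accepted by the state rule alone, which is why the pair works so well together.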