Dear David Thank you for the brief explain some of the verbs such as established sound familiar from the days i used to work with Cisco access lists and checkpoint firewall the new command wasn't known to me However if i put accept for new then it will not block anything because every incoming connection considered new so if i put accept new i must put after it (or before it) deny UDP 53 in order to block the DNS queries coming from the internet that part was mising for me ill go to the links you provided and read them as well although i deal with router (hardware) firewall and not unix (software) firewall 73's Ronen - 4Z4ZQ http://www.ronen.org
________________________________________
themselves "New" would be a new traffic flow coming to your machine and if it should be accepted or not. "Established" is when an existing flow that was previously accepted continues to flow back and forth.
On Linux, we use IPTABLES for our L2 and L3 firewall - https://www.google.com/search?q=iptables+tutorial
FreeBSD uses "pf" - https://www.freebsd.org/doc/handbook/firewalls-pf.html
This is all detailed networking work and deserves some quality study on your part to keep your machine secure on the big, *bad* internet. All fun stuff if you're interested in networking technologies which is common for folks here on the AMPR list.
--David KI6ZHD