I would like to check the state of all packets running through my firewall by using the --state NEW, ESTABLISHED, etc. My question is this, can I create one ruleset that will cover all subsequent rules, or do I have to add the --state option to each individual chain I write. Essentially I would like to examine all NEW, ESTABLISHED, and RELATED packets, for each rule and drop all INVALID packets. But I don't want to have to insert this into every rule. This is my first shot at using iptables (I've been using ipchains for some time) and I guess I need a little help.

Acutually, this is my bad. I'm going to move this to the security/web forum.