what is wrong with this iptables rule?
snowgod
10-02-2001, 06:07 PM
iptables -A input -i eth0 -p tcp -m state --state ESTABLISHED, RELATED -j ACCEPT
What I'm trying to do is only let back into my server what I have already started, so later I deny all --syn packets. But this should work as far as I know.
I get an error as follows:
iptables v1.2.2: Bad state `'
check iptables -h
Any ideas?
Rob 'Feztaa' Park
10-02-2001, 07:28 PM
My guess would be to take the space out from between the "," and "RELATED".
You might also try making "input" uppercase, because I'm under the impression that that's important... :)
Rob 'Feztaa' Park
10-02-2001, 07:31 PM
Oh, and just a note on iptables:
If *all* you want to do is allow access out but not access in, then these two rules are all you really need:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i <your interface> -j DROP
snowgod
10-03-2001, 12:46 AM
I'm still getting the same error, and it was as you said before; mine was copied in a lazy manner. The 2 rules I have are:
iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --syn -j DROP
These should work, but they don't. Any more ideas?
slacker_x
10-03-2001, 02:17 AM
What is the error you are getting? The problem may be with what you have support for in your kernel.
snowgod
10-03-2001, 01:19 PM
The error, as stated before, is 'bad state'. I'm pretty sure that all the modules are installed; I think that the state flag needed ip_conntrack, which is installed. Any new ideas?
Rob 'Feztaa' Park
10-04-2001, 09:07 PM
Well, I'm officially stumped, but I have a question.
Why are you only blocking incoming SYN packets? This opens you up to FIN, NULL, and XMAS scans... Take out the "--syn" from the second rule, and it'll help with security even more (it will also alleviate network traffic if anybody is portscanning you...). You really have no reason not to.
snowgod
10-06-2001, 12:47 PM
OK, here is my script as of now:
#!/bin/bash
#IPtables startup script
#Flush all entries and set policies
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
#Allow SSH Connections
iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT
#Accept only connections that localhost has initialized
iptables -A INPUT -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
#Deny all other syn packets trying to initiate conversation with csdept
iptables -A INPUT -i eth0 -p tcp -j DROP
When I run it, I get the error:
iptables: bad chain/state/target
I hope that this is something stupid, because it's really starting to bother me.
element-x
10-06-2001, 06:46 PM
Try out:
modprobe ipt_state
then load your firewall rules.
If that isn't it, double check that you have state checking in your kernel setup.
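Added example, not posted by anyone in this thread: a small shell linter for the slips discussed above (the space after the comma in the state list, which makes iptables see an empty state and report "Bad state `'", and a lowercase built-in chain name), plus a check that `--state` is preceded by `-m state`, which iptables requires. The rules it is fed are the ones from the thread.

```shell
#!/bin/sh
# lint_rule RULE: print each problem found in an iptables command line,
# return 0 if the rule looks OK and 1 otherwise. (Constructed example.)
lint_rule() {
    rule="$1"
    rc=0
    # Built-in chains are uppercase: "-A input" is rejected by iptables.
    case "$rule" in
        *" -A input"*|*" -A output"*|*" -A forward"*|\
        *" -P input"*|*" -P output"*|*" -P forward"*)
            echo "chain name must be uppercase (INPUT/OUTPUT/FORWARD)"
            rc=1 ;;
    esac
    case "$rule" in
        *"--state "*)
            # --state is an option of the state match, so -m state must come first.
            case "$rule" in
                *"-m state"*) ;;
                *) echo "--state requires '-m state' before it"; rc=1 ;;
            esac
            # The state list is one argument: a space after the comma ends it,
            # leaving "ESTABLISHED," with an empty state after the comma.
            states=$(printf '%s\n' "$rule" | sed -n 's/.*--state \([^ ]*\).*/\1/p')
            case "$states" in
                *,|,*|*,,*)
                    echo "empty state in list '$states' (no spaces after commas)"
                    rc=1 ;;
            esac
            # Every remaining state must be one the state match knows.
            for s in $(printf '%s\n' "$states" | tr ',' ' '); do
                case "$s" in
                    NEW|ESTABLISHED|RELATED|INVALID) ;;
                    *) echo "unknown state '$s'"; rc=1 ;;
                esac
            done ;;
    esac
    return $rc
}

# The rule from the first post (fails) and the corrected one (passes).
lint_rule "iptables -A input -i eth0 -p tcp -m state --state ESTABLISHED, RELATED -j ACCEPT"
lint_rule "iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT"
```

A rule that passes this linter but still fails with "bad chain/state/target" usually means the state match itself is unavailable, which is the modprobe ipt_state / kernel config check suggested above.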