[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] iptables issue

Subject: [ale] iptables issue
From: lunz at falooley.org (Jason Lunz)
Date: Mon, 17 Jul 2006 19:23:27 +0000 (UTC)
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

jknapka at kneuro.net said:
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -p tcp -d WW.XX.YY.ZZ --dport http \
>> 	-m state --state NEW -j ACCEPT
>> 
>> In the above configuration, ONLY packets that are part of inbound port
>> 80 tcp connections are allowed in or out.
>
> Right, but he *does* still need a rule in the OUTPUT chain to allow
> related or established packets out.  I don't believe there's any way a
> rule in the INPUT chain would ever also magically apply to the OUTPUT
> chain.

you mean like this one?

>> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Jason

Follow-Ups:
- [ale] iptables issue
  - From: jknapka at kneuro.net (JK)

References:
- [ale] iptables issue
  - From: jimpop at yahoo.com (Jim Popovitch)
- [ale] iptables issue
  - From: lunz at falooley.org (Jason Lunz)
- [ale] iptables issue
  - From: jimpop at yahoo.com (Jim Popovitch)
- [ale] iptables issue
  - From: lunz at falooley.org (Jason Lunz)
- [ale] iptables issue
  - From: jknapka at kneuro.net (JK)

Prev by Date: [ale] Hard drive error and hard drive fan
Next by Date: [ale] iptables issue
Previous by thread: [ale] iptables issue
Next by thread: [ale] iptables issue
Index(es):
- Date
- Thread