[ale] iptables issue
Jim Popovitch
jimpop at yahoo.com
Sun Jul 16 22:20:16 EDT 2006
I have an issue wrt iptables. I use iptables to allow/deny access to a
website. The tables are intended to allow all in to port 80 at address
WW.XX.YY.ZZ, and all replies back out from port 80 on same address.
The command line used to create the rules is this:
iptables -A INPUT -p tcp -d WW.XX.YY.ZZ --dport http \
    -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s WW.XX.YY.ZZ --sport http \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
The above rules work 98% of the time, however I see periodic failures
(REJECTS) logged from outbound data back to what I believe to be proxies
at all the major ISPs.
I'm inclined to remove the "state" options from the above rules, but I
can't figure out why doing so is necessary. Any thoughts?
Tia,
-Jim P.