[ale] iptables issue
Jason Lunz
lunz at falooley.org
Sun Jul 16 23:42:17 EDT 2006

jimpop at yahoo.com said:
> I have an issue wrt iptables.  I use iptables to allow/deny access to a 
> website.  The tables are intended to allow all in to port 80 at address 
> WW.XX.YY.ZZ, and all replies back out from port 80 on same address.
>
> The command line used to create the rules is this:
>
> iptables -A INPUT -p tcp -d WW.XX.YY.ZZ --dport http \
>       -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp -s WW.XX.YY.ZZ --sport http \
>       -m state --state RELATED,ESTABLISHED -j ACCEPT

The second rule is superfluous. It's implied by the ESTABLISHED in the
first rule.

> The above rules work 98% of the time, however I see periodic failures 
> (REJECTS) logged from outbound data back to what I believe to be proxies 
> at all the major ISPs.

What exactly is logged?

Jason
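
One way to answer the question of what is logged, as an added example that is not part of the original thread: a small parser that groups rejected outbound port-80 packets by destination and TCP flags. It assumes the rejects are written by an iptables LOG rule with the hypothetical prefix `OUT-REJECT: `; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's netfilter LOG format.
# The "OUT-REJECT: " prefix is an assumed --log-prefix, not from the thread.
SAMPLE_LOG = """\
Jul 16 21:03:11 web kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=51234 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jul 16 21:03:12 web kernel: eth0: link up
Jul 16 21:04:40 web kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=51240 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jul 16 21:09:02 web kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=40111 WINDOW=0 RES=0x00 RST URGP=0
Jul 16 21:10:15 web kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=40200 WINDOW=5840 RES=0x00 ACK PSH URGP=0
"""

KEY_VALUE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_line(line, prefix="OUT-REJECT: "):
    """Return the fields of one LOG line, or None if the prefix is absent."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    fields = dict(KEY_VALUE.findall(body))
    # TCP flags are logged as bare words without '=', so collect them apart
    # from the KEY=value pairs, keeping the order the kernel printed them in.
    fields["FLAGS"] = "+".join(t for t in body.split() if t in TCP_FLAGS)
    return fields


def summarize(text, sport="80"):
    """Count logged TCP packets sent from `sport`, keyed by (DST, flags)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields and fields.get("PROTO") == "TCP" and fields.get("SPT") == sport:
            counts[(fields["DST"], fields["FLAGS"])] += 1
    return counts


if __name__ == "__main__":
    for (dst, flags), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {dst:15s}  {flags}")
```
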