[ale] iptables issue
Jason Lunz
lunz at falooley.org
Mon Jul 17 15:23:27 EDT 2006
jknapka at kneuro.net said:
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -p tcp -d WW.XX.YY.ZZ --dport http \
>> -m state --state NEW -j ACCEPT
>>
>> In the above configuration, ONLY packets that are part of inbound port
>> 80 tcp connections are allowed in or out.
>
> Right, but he *does* still need a rule in the OUTPUT chain to allow
> related or established packets out. I don't believe there's any way a
> rule in the INPUT chain would ever also magically apply to the OUTPUT
> chain.
you mean like this one?
>> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Jason
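
Added example, not part of the original message: a simplified Python model of the quoted rule set, showing that the OUTPUT ESTABLISHED,RELATED rule is what lets replies to inbound port 80 connections leave, while everything else falls through to the DROP policies. The client address, port numbers, and the reduced two-state connection tracking are constructed assumptions; this is not iptables or netfilter code.

```python
# Simplified model of the quoted rule set (illustration only, not netfilter).
SERVER = "WW.XX.YY.ZZ"     # placeholder address exactly as written in the thread
CLIENT = "203.0.113.5"     # constructed sample client (documentation range)
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP"}    # iptables -P INPUT/OUTPUT DROP

def stateful(p, state):    # -m state --state ESTABLISHED,RELATED -j ACCEPT
    return state in ("ESTABLISHED", "RELATED")

def new_http(p, state):    # -p tcp -d SERVER --dport http -m state --state NEW
    return (p["proto"], p["dst"], p["dport"], state) == ("tcp", SERVER, 80, "NEW")

RULES = {"INPUT": [stateful, new_http], "OUTPUT": [stateful]}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = {}    # flow key -> {"orig": originator endpoint, "replied": bool}

    def classify(self, p):
        src, dst = (p["src"], p["sport"]), (p["dst"], p["dport"])
        key = (p["proto"], frozenset([src, dst]))   # same key for both directions
        flow = self.flows.get(key)
        if flow is None:
            return key, "NEW", {"orig": src, "replied": False}
        if src != flow["orig"]:                     # traffic from the responder
            flow["replied"] = True
        return key, ("ESTABLISHED" if flow["replied"] else "NEW"), flow

    def process(self, chain, p):
        key, state, flow = self.classify(p)
        for rule in self.rules[chain]:              # first matching rule wins
            if rule(p, state):
                self.flows[key] = flow              # only accepted flows are tracked
                return "ACCEPT"
        return POLICY[chain]                        # no match: chain policy applies

def pkt(src, sport, dst, dport, proto="tcp"):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def demo(rules=RULES):
    fw = Firewall(rules)
    return [
        fw.process("INPUT", pkt(CLIENT, 40000, SERVER, 80)),    # inbound SYN to port 80
        fw.process("OUTPUT", pkt(SERVER, 80, CLIENT, 40000)),   # server's reply
        fw.process("OUTPUT", pkt(SERVER, 50000, CLIENT, 25)),   # server-initiated flow
        fw.process("INPUT", pkt(CLIENT, 40001, SERVER, 22)),    # inbound to another port
    ]

if __name__ == "__main__":
    print(demo())
```

Calling `demo()` with the OUTPUT list emptied shows the reply being dropped by the OUTPUT policy, which is the case the quoted OUTPUT rule covers.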