Re: iptables questions



On 2008-12-11, newnie <lof@xxxxxxxxxxx> wrote:
I am new to iptables. Fortunately, I was able to reverse the ruleset I had
earlier. I have read more and added the following rules set:
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:cvspserver
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
ACCEPT all -- ip-XXX-XXX-XX-XXX.ip.myserver.net anywhere
DROP all -- anywhere anywhere

I tried to follow this HOWTO:
https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=127&nav=0,1

It appears to work on most ports. However, when I try a web site on that
server, port 80, it starts but never finishes - never goes to that page. In
Firefox, the progress bar looks like it's almost finished but never gets
there.

Hello,

You could try adding this to your script before allowing individual services :

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Regards,

Nrth.
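Nrth's stateful rule in context, as an added example that is not code from either post: the poster's INPUT chain rebuilt as a script with the ESTABLISHED,RELATED rule placed first, before the per-service rules. The 192.0.2.10 management address and the --dry-run/--apply switches are assumptions. One consequence worth noting: the poster's spt:smtp and spt:domain entries accept any packet whose source port is 25 or 53, a value the remote sender chooses, and they become unnecessary once replies to the server's own outbound SMTP and DNS traffic are matched as ESTABLISHED, so the script omits them.

```shell
#!/bin/sh
# Added example, not code from either post: the poster's INPUT chain rebuilt
# as a script, with Nrth's stateful rule placed first.
# Usage:  sh rules.sh --dry-run   (print the iptables commands)
#         sh rules.sh --apply     (run them, as root)

# Assumption: 192.0.2.10 stands in for the poster's
# ip-XXX-XXX-XX-XXX.ip.myserver.net management host.
TRUSTED_HOST="${TRUSTED_HOST:-192.0.2.10}"

# Services the poster accepts inbound, named as iptables -L printed them;
# iptables resolves the names through /etc/services.
TCP_SERVICES="ssh http smtp https pop3 domain smtps cvspserver webcache distinct"

# apply_rules CMD: emit every rule through CMD ("iptables" or "echo").
apply_rules() {
    ipt="${1:-iptables}"

    $ipt -F INPUT

    # 1. Stateful rule first. Replies to connections the server itself opened
    #    (outbound DNS lookups, SMTP deliveries, HTTP fetches) and RELATED
    #    packets (ICMP errors, FTP data) are accepted here, so no source-port
    #    ("spt:") rules are needed further down.
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 2. Loopback traffic.
    $ipt -A INPUT -i lo -j ACCEPT

    # 3. New inbound connections to the published services only.
    for svc in $TCP_SERVICES; do
        $ipt -A INPUT -p tcp --dport "$svc" -m state --state NEW -j ACCEPT
    done
    $ipt -A INPUT -p udp --dport domain -j ACCEPT

    # 4. Everything from the trusted management host.
    $ipt -A INPUT -s "$TRUSTED_HOST" -j ACCEPT

    # 5. Drop the rest, as the poster's final rule does.
    $ipt -A INPUT -j DROP
}

# stateful_rule_first: dry-run the chain and confirm the ESTABLISHED,RELATED
# rule precedes the first --dport rule; returns 0 when the order is right.
stateful_rule_first() {
    apply_rules echo | awk '
        /ESTABLISHED,RELATED/ && !s { s = NR }
        /--dport/            && !d { d = NR }
        END { exit !(s && d && s < d) }'
}

case "${1:-}" in
    --dry-run) apply_rules echo ;;
    --apply)   apply_rules iptables ;;
esac
```

Run with --dry-run first and read the output top to bottom: rule order is what matters in an iptables chain, since the first match wins, so the stateful ACCEPT has to sit above the service rules and the DROP has to be last.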


