Re: iptables questions
- From: Nrth <nrth@xxxxxxxxxxxxxxx>
- Date: Mon, 12 Jan 2009 22:00:45 GMT
On 2008-12-11, newnie <lof@xxxxxxxxxxx> wrote:
I am new to iptables. Fortunately, I was able to reverse the ruleset I had
earlier. I have read more and added the following rules set:
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:cvspserver
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
ACCEPT all -- ip-XXX-XXX-XX-XXX.ip.myserver.net anywhere
DROP all -- anywhere anywhere
I tried to follow this HOWTO:
https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=127&nav=0,1
It appears to work on most ports. However, when I try a web site on that
server, port 80, it starts but never finishes - never goes to that page. In
Firefox, the progress bar looks like it's almost finished but never gets
there.
Hello,
You could try adding this to your script before allowing individual services:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Regards,
Nrth.
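As an added example (not code from either poster), here is the same ruleset written as an iptables-restore script with the stateful rule placed ahead of the per-service rules, so ordering cannot be got wrong when the rules are re-applied. ADMIN_HOST is an assumed placeholder for the masked address in the original listing, and the spt:smtp / spt:domain entries are left out because the ESTABLISHED,RELATED rule already admits those replies.

```shell
#!/bin/sh
# Added example: generate the filter table in iptables-restore format so the
# whole table is loaded atomically, with the stateful rule before service rules.

# Placeholder: replace with the real address behind "ip-XXX-XXX-XX-XXX..." above.
ADMIN_HOST="${ADMIN_HOST:-192.0.2.10}"

# Print the complete ruleset on stdout (lines starting with # are ignored by
# iptables-restore, so the comments can stay in the loaded file).
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services (MTA, resolver) talk to themselves over loopback.
-A INPUT -i lo -j ACCEPT
# Stateful rule first: any packet belonging to a connection that was already
# accepted, or related to one (ICMP errors, FTP data), gets in here. This also
# covers replies to the server's own outgoing DNS and SMTP traffic, which the
# original spt:domain / spt:smtp rules tried to allow by source port.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify (malformed, out of window) are dropped.
-A INPUT -m state --state INVALID -j DROP
# Full trust for the admin host, as in the original "ACCEPT all" rule.
-A INPUT -s ${ADMIN_HOST} -j ACCEPT
# New connections to the services this server offers (names from /etc/services).
EOF
    for svc in ssh http smtp https pop3 domain smtps cvspserver webcache distinct; do
        echo "-A INPUT -p tcp --dport ${svc} -m state --state NEW -j ACCEPT"
    done
    # No explicit final DROP is needed: the chain policy above is DROP.
    echo "COMMIT"
}

# Print the 1-based line of the first rule matching a pattern, or 0 if absent.
# Useful to check ordering before loading anything into the kernel.
rule_index() {
    idx=$(build_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1)
    echo "${idx:-0}"
}

# Load the table only when explicitly asked and running as root.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    build_ruleset | iptables-restore
fi
```

Run with `--apply` as root to load it; without the flag it only prints, so the output can be reviewed or diffed against `iptables-save` first.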