Re: Specifying multiple services to Netfilter
On Wed, Jun 06, 2001 at 11:46:11PM -0600, Stefan Srdic wrote:
> iptables -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR \
> --destination-port :1023 -j REJECT
> iptables -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR \
> --source-port :1023 -j REJECT
> Anyway, I'm having a few problems with this configuration. It doesn't work!!
> After I run the script I can ping websites (which means ICMP works along with
> DNS, but I'm running BIND as a caching-only nameserver) but cannot use any of
> the other TCP services that I have listed above.
I can't really follow what you're trying, but that second reject rule
blocks outgoing traffic. (Use iptables -n -v -L to see the list of
rules and a count of the packets that each affect.) You probably want to
accept outbound traffic for specific ports before rejecting any.
> > Try "#!/bin/sh -x" instead.
It displays the commands as the script executes. It's useful for debugging.