
Re: looking for suggestions

--- Douglas Maxwell <doug@turinglabs.com> wrote:
> On Mon, May 10, 2004 at 08:25:10PM -0700, Kevin D. White wrote:
> > Your OUTPUT rules would be pretty simple as well:
> > 1. ALLOW only outgoing connections to your proxy
> > server, if you have one that is... or only to an
> > external network address.
> > 
> This is actually the job of the FORWARD chain. The OUTPUT chain is for
> connections that originate from the firewall itself. Most people just
> allow all outbound connections. This is enough to do that statefully:
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state NEW -j ACCEPT
I have seen this context used on BSD, where it is mandatory to allow
"--state NEW" (with different syntax), but "--state ESTABLISHED,RELATED" is
silently added to another 'expected' table.  I was wondering what ipfilter
NEEDS to operate?

> Doug
