Re: looking for suggestions
--- Douglas Maxwell <firstname.lastname@example.org> wrote:
> On Mon, May 10, 2004 at 08:25:10PM -0700, Kevin D. White wrote:
> > Your OUTPUT rules would be pretty simple as well:
> > 1. ALLOW only outgoing connections to your proxy
> > server, if you have one that is... or only to an
> > external network address.
> This is actually the job of the FORWARD chain. The OUTPUT chain is for
> connections that originate from the firewall itself. Most people just
> allow all outbound connections. This is enough to do that statefully:
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state NEW -j ACCEPT
I have seen this context used on BSD; there it is mandatory to allow
"--state NEW" (with different syntax) but "--state ESTABLISHED,RELATED" is
silently added to another 'expected' table. I was wondering what ipfilter
NEEDS to operate?