[solved] Re: iptables ruleset ...
On Wednesday 09 February 2005 17:12, Dave Ewart wrote:
> On Wednesday, 09.02.2005 at 16:45 +0100, Manfred Sampl wrote:
> > > [...]
> > >
> > > For every INPUT you need an appropriate OUTPUT rule :)
> > > I don't know your configuration or how exactly you are connected to the
> > > network, but for ssh you will probably have to add:
> > >
> > > $IPTABLES -A OUTPUT -o $EXTINT -d $EXTIP -p tcp --sport 22 -j ACCEPT
> > > $IPTABLES -A OUTPUT -o $INTIF -p tcp --sport 22 -j ACCEPT
> When I have INPUT rules to allow special types of traffic in, such as
> SSH, I usually find that the best corresponding OUTPUT rules are to
> allow ESTABLISHED and RELATED, rather than on the source ports of the
> services one is allowing: which means that you won't need to add
> additional OUTPUT rules if you later allow a different special service
> in. This is probably just a matter of taste, though.
I actually have an ESTABLISHED,RELATED rule, but that didn't help:
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
ESTABLISHED,RELATED -j ACCEPT
Is there a GUI tool that is able to set up a firewall rule set on a remote
computer or write a bash script? I had a quick look at knetfilter and
firestarter, but that isn't really what I need. Shorewall is somehow nice,
but wouldn't that be a step back for me?
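Since the poster asks for a script, the following is an added example, not written by anyone in this thread: a small shell script that prints a complete filter table in iptables-restore format, built the way Dave Ewart suggests, with one ESTABLISHED,RELATED rule per interface in OUTPUT instead of a "--sport 22" rule for every service let in. It reuses the thread's variable names EXTIF, INTIF, EXTIP and UNIVERSE; the interface names eth0/eth1 and the address 192.0.2.10 are assumed placeholders, and the script only prints the ruleset so it can be reviewed before being loaded with iptables-restore.

```shell
#!/bin/sh
# Added example: generates (does not apply) an iptables-restore ruleset that
# pairs a stateful INPUT rule with a stateful OUTPUT rule on each interface.
# The interface names and the address are constructed placeholders, not the
# poster's real configuration; override them from the environment if needed.
EXTIF="${EXTIF:-eth0}"        # assumed external interface
INTIF="${INTIF:-eth1}"        # assumed internal interface
EXTIP="${EXTIP:-192.0.2.10}"  # assumed external address (documentation range)
UNIVERSE="0.0.0.0/0"

# emit_ruleset prints the whole filter table. Nothing is applied here;
# review the output and load it with:  sh this_script.sh | iptables-restore
emit_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is always allowed in both directions
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# packets belonging to connections already known to the connection tracker
-A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# the one OUTPUT rule per interface that covers the replies of every service
# allowed in below, so no per-service "--sport" OUTPUT rule is needed
-A OUTPUT -o $EXTIF -s $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# new inbound SSH on both interfaces; its replies match the OUTPUT rules above
-A INPUT -i $EXTIF -d $EXTIP -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $INTIF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# connections this host opens itself (DNS, package updates, ...)
-A OUTPUT -o $EXTIF -s $EXTIP -m state --state NEW -j ACCEPT
-A OUTPUT -o $INTIF -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# has_output_state_rule returns 0 when the generated table carries the
# stateful OUTPUT rule for the interface given as $1, and 1 otherwise.
has_output_state_rule() {
    emit_ruleset | grep -q "^-A OUTPUT -o $1 .*--state ESTABLISHED,RELATED -j ACCEPT"
}

emit_ruleset
```

Adding another inbound service later means adding one INPUT rule with "--state NEW" for it; the OUTPUT side is already covered, which is the point Dave makes above. The default policy on all three chains is DROP, so anything not listed (including all forwarding) is silently refused.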