On Thursday, 10.02.2005 at 15:14 +0100, Manfred Sampl wrote:

> On Wednesday 09 February 2005 17:12, Dave Ewart wrote:
> > On Wednesday, 09.02.2005 at 16:45 +0100, Manfred Sampl wrote:
> >
> > [...]
> >
> > > > For every INPUT you need appropriate OUTPUT rule :)
> > > > I don't know your configuration or how exactly you are connected to the
> > > > network but for ssh you should probably have to add:
> > > >
> > > > $IPTABLES -A OUTPUT -o $EXTINT -d $EXTIP -p tcp --sport 22 -j ACCEPT
> > > > $IPTABLES -A OUTPUT -o $INTIF -p tcp --sport 22 -j ACCEPT
> > > > [...]
> >
> > When I have INPUT rules to allow special types of traffic in, such as
> > SSH, I usually find that the best corresponding OUTPUT rules are to
> > allow ESTABLISHED and RELATED, rather than on the source ports of the
> > services one is allowing: which means that you won't need to add
> > additional OUTPUT rules if you later allow a different special service
> > in. This is probably just a matter of taste, though.
>
> I actually have an ESTABLISHED, RELATED rule, but that didn't help:
>
> $IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
> ESTABLISHED,RELATED -j ACCEPT

OUTPUT, not INPUT.

> Is there a gui tool that is able to set up a firewall rule set on a remote
> computer or write a bash script? I had a quick look at knetfilter and
> firestarter, but that isn't really what I need. Shorewall is somehow nice,
> but wouldn't that be a step back for me?

fwbuilder is supposed to be quite good.

Dave.

-- 
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
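A small check for the point Dave makes above, added here as an example and not code from the thread: it reads an iptables rule script, joins backslash-continued lines, and reports whether the OUTPUT chain (not just INPUT) carries an ESTABLISHED,RELATED state rule. Variable names ($IPTABLES, $EXTIF, $EXTIP, $UNIVERSE) follow the thread; the two sample rule scripts are constructed and nothing is applied to a live firewall.

```shell
#!/bin/sh
# Added example: lint an iptables rule script for the mistake discussed in the
# thread. A state rule in INPUT only lets replies *in*; the replies to an
# inbound SSH session leave through OUTPUT, so OUTPUT needs its own
# ESTABLISHED,RELATED rule (or per-service --sport rules).

# Join backslash-continued lines so a rule split across lines is seen whole.
join_continuations() {
  acc=
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      *\\) acc="$acc${line%\\}" ;;
      *)   printf '%s\n' "$acc$line"; acc= ;;
    esac
  done <"$1"
}

# Returns 0 if the OUTPUT chain accepts ESTABLISHED and RELATED traffic via
# the state or conntrack match, 1 otherwise.
output_tracks_established() {
  join_continuations "$1" |
    grep -E -- '-A OUTPUT .*-m (state --state|conntrack --ctstate) +[A-Z,]*ESTABLISHED' |
    grep -q 'RELATED'
}

# Constructed samples (variable names as in the thread; nothing is applied).
work=$(mktemp -d)
cat >"$work/broken.sh" <<'EOF'
$IPTABLES -A INPUT -i $EXTIF -d $EXTIP -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
ESTABLISHED,RELATED -j ACCEPT
EOF
cat >"$work/fixed.sh" <<'EOF'
$IPTABLES -A INPUT -i $EXTIF -d $EXTIP -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -m state --state \
ESTABLISHED,RELATED -j ACCEPT
EOF

for f in "$work/broken.sh" "$work/fixed.sh"; do
  if output_tracks_established "$f"; then
    echo "$f: OUTPUT accepts ESTABLISHED,RELATED"
  else
    echo "$f: OUTPUT lacks an ESTABLISHED,RELATED rule; SSH replies need one"
  fi
done
```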