
Re: iptables and apt-get



Here is my rule set:
 
 
#default input policy
/sbin/iptables -P INPUT DROP
#allow www/https(ssl)
/sbin/iptables -A INPUT -s 0/0 -d 172.16.5.92 -p tcp --dport https -j ACCEPT
#allow ssh
/sbin/iptables -A INPUT -s 0/0 -d 172.16.5.92 -p tcp --dport ssh -j ACCEPT
#allow smtp
/sbin/iptables -A INPUT -s 0/0 -d 172.16.5.92 -p tcp --dport smtp -j ACCEPT
 
#create a new rule for drop # log
#/sbin/iptables -N drop-and-log-it
#log it
#/sbin/iptables -A drop-and-log-it -j LOG --log-level info --log-prefix 'DROPIT'
#drop it
#/sbin/iptables -A drop-and-log-it -j DROP
 
#now call the rule to drop and log
 
/sbin/iptables -A INPUT -j drop-and-log-it
 
 
-----------
Thanks
 
ijg0
----- Original Message -----
Sent: Tuesday, March 11, 2003 1:11 AM
Subject: RE: iptables and apt-get

shouldn't do
 
unless you changed the output rules?
 
please provide your ruleset
 
Thing
-----Original Message-----
From: Ian Goodall [mailto:ijg@iangoodall.co.uk]
Sent: Tuesday, 11 March 2003 2:06
To: debian-security@lists.debian.org
Subject: iptables and apt-get

Hi Guys,
 
I am setting up iptables on my Debian woody box. I have decided to close everything and then open up just ssh and ssl. This obviously prevents my apt-get update from working. What ports do I need to open for this to work? If it helps I am going through a proxy to get to the internet.
 
Thanks
 
ijg0 
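
An added example, not written by anyone in this thread: the posted INPUT rules extended with a connection-tracking rule, so that replies to connections the host itself opens (apt-get talking to the proxy) are accepted, and with the log chain created before INPUT jumps to it. It assumes the OUTPUT policy is still ACCEPT; the `IPT` and `APPLY` variables and the loopback rule are additions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IPT and APPLY are illustrative
# variables: point IPT at another command to print the rules instead of
# loading them, and set APPLY=1 to load them for real (needs root).
IPT="${IPT:-/sbin/iptables}"
HOST="172.16.5.92"   # address taken from the posted rule set

build_input_rules() {
    # Default-deny inbound, as in the posted rule set.
    $IPT -P INPUT DROP

    # Loopback traffic is not matched by the "-d $HOST" rules below
    # (added here; not part of the posted rules).
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened arrive on an ephemeral
    # local port, so no --dport rule can match them. Connection tracking
    # accepts them without opening any fixed inbound port.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound services from the posted rule set.
    for svc in https ssh smtp; do
        $IPT -A INPUT -s 0/0 -d "$HOST" -p tcp --dport "$svc" -j ACCEPT
    done

    # The chain has to exist before INPUT can jump to it.
    $IPT -N drop-and-log-it
    $IPT -A drop-and-log-it -j LOG --log-level info --log-prefix 'DROPIT'
    $IPT -A drop-and-log-it -j DROP
    $IPT -A INPUT -j drop-and-log-it
}

if [ "${APPLY:-0}" = 1 ]; then
    build_input_rules
fi
```

Rule order matters: the state rule has to sit above the final jump to `drop-and-log-it`, otherwise reply packets are logged and dropped before it is ever consulted.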
