Re: iptables usage

[SiegeM <siegem@gmail.com>]

What is happening here is:
1. When you close all ports of your computer from input but port 80,
the iptables will block the http response wich isn't to your port 80.

I think that you need to close all connections to input but the
response or related packages, then you open all connections to output
and everything is okay. Maybe, if you want to use cups, you can permit
the lo interface to input and output...

Sorry for my english.

On 2/7/07, Michael Pobega <pobega@gmail.com> wrote:
> franck wrote:
> > Michael Pobega wrote:
> >> [...]
> > Hi,
> >
> > What about the OUTPUT chain ? Have you set up more rules ? By default,
> > iptables policy is to ACCEPT all paquets.
> >
> > Have a look at :
> >
> > iptables -L -v to see your rules.
> >
> > An iptables tutorial can be found here :
> >
> > http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> >
> Thanks for the link, but as far as I know it should work. Those are the
> only two rules I'm using, and it *is *working because after I run
> iptables -A INPUT -j REJECT all of my connections drop. But since I
> opened port 80 before that, shouldn't I still be able to use HTTP?
>
>
> Andrei Popescu wrote:
>
> > I'm no expert in iptables, but AFAIK the order of the rules *does*
> > matter. If I understand what you are writing (as much as one can
> > understand iptables syntax) you are telling it to ACCEPT traffic on
> > port 80 and then you tell it to REJECT any traffic.
>
> Exactly. First I opened port 80, and second I closed everything. Which
> in the end should cause everything but port 80 to be closed. At least
> this is my understanding. I've tried the other way around, but it still
> didn't work for me.
>
> > P.S. You should start a new thread for new problems, you might get more
> > answers that way
> I thought this /was/ a new thread? :-P
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org