
Re: iptables usage

What is happening here is:
1. When you close all ports of your computer from input but port 80,
the iptables will block the http response which isn't to your port 80.

I think that you need to close all connections to input but the
response or related packages, then you open all connections to output
and everything is okay. Maybe, if you want to use cups, you can permit
the lo interface to input and output...

Sorry for my English.

On 2/7/07, Michael Pobega <pobega@gmail.com> wrote:
franck wrote:
> Michael Pobega wrote:
>> [...]
> Hi,
> What about the OUTPUT chain ? Have you set up more rules ? By default,
> iptables policy is to ACCEPT all packets.
> Have a look at :
> iptables -L -v to see your rules.
> An iptables tutorial can be found here :
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Thanks for the link, but as far as I know it should work. Those are the
only two rules I'm using, and it *is* working because after I run
iptables -A INPUT -j REJECT all of my connections drop. But since I
opened port 80 before that, shouldn't I still be able to use HTTP?

Andrei Popescu wrote:

> I'm no expert in iptables, but AFAIK the order of the rules *does*
> matter. If I understand what you are writing (as much as one can
> understand iptables syntax) you are telling it to ACCEPT traffic on
> port 80 and then you tell it to REJECT any traffic.

Exactly. First I opened port 80, and second I closed everything. Which
in the end should cause everything but port 80 to be closed. At least
this is my understanding. I've tried the other way around, but it still
didn't work for me.

> P.S. You should start a new thread for new problems, you might get more
> answers that way
I thought this /was/ a new thread? :-P
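
An added example, not part of any message in this thread: a small Python model of first-match INPUT chain traversal, showing why a web server's reply is rejected by the two-rule setup and accepted once loopback and ESTABLISHED/RELATED traffic are allowed. The exact port-80 rule is elided in the thread and is assumed here; the class names, packets, interface name and port numbers are constructed.

```python
# Illustrative first-match model of the INPUT chain; rules and packets are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str
    sport: int
    dport: int
    state: str   # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:
    target: str  # ACCEPT or REJECT
    iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Tuple[str, ...] = ()

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (not self.states or p.state in self.states))

def verdict(chain, packet, policy="ACCEPT"):
    """Target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# Assumed form of the thread's setup: accept tcp dport 80, then -A INPUT -j REJECT.
ORIGINAL = [Rule("ACCEPT", proto="tcp", dport=80), Rule("REJECT")]
# What the reply suggests: loopback and reply traffic in, everything else rejected.
STATEFUL = [Rule("ACCEPT", iface="lo"),
            Rule("ACCEPT", states=("ESTABLISHED", "RELATED")),
            Rule("REJECT")]

# A web server's reply arrives FROM port 80 TO our ephemeral port, so dport != 80.
HTTP_REPLY = Packet("eth0", "tcp", sport=80, dport=51514, state="ESTABLISHED")
INBOUND_NEW = Packet("eth0", "tcp", sport=40000, dport=22, state="NEW")
CUPS_LOCAL = Packet("lo", "tcp", sport=40001, dport=631, state="NEW")

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("stateful", STATEFUL)):
        for p in (HTTP_REPLY, INBOUND_NEW, CUPS_LOCAL):
            print(name, p.iface, p.sport, p.dport, "->", verdict(chain, p))
```

With the original rules only traffic addressed to local port 80 gets in, which is what a web server needs, not a browser.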
