Re: how to only allow tcp on dport 443 on the OUTPUT chain?
On Tue, 08 Mar 2011 23:35:03 -0800, erikmccaskey64 <erikmccaskey64@zoho.com> wrote:
>
> it's a normal desktop machines iptables firewall:
>
>
> If i want to block udp on dport 80 on the output chain, then is this enough? i want to only allow tcp on it!
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>
The only outgoing traffic allowed is on the $PUBIF interface for tcp and udp port 80.
On all other interfaces all outgoing traffic is blocked.
>
> or i need this rule?
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>
The only outgoing traffic allowed is on the $PUBIF interface for tcp port 80. On all
other interfaces all outgoing traffic is blocked.
I may be mistaken, but such hard rules could cause serious problems. I think
that even dns name resolution would not work anymore (you cannot send out dns queries).
Essentially you could only browse websites on port 80 using IP numbers instead of server
name.
--
Virgo Pärna
virgo.parna@mail.ee