Re: how to only allow tcp on dport 443 on the OUTPUT chain?
On Wed, 9 Mar 2011 09:24:41 +0000 (UTC)
Virgo Pärna <email@example.com> wrote:
> I may be mistaken, but such hard rules could cause serious
> problems. I think that even dns name resolution would not work
> anymore (you cannot send out dns queries). Essentialy you could only
> browse websites on port 80 using IP numbers instead of server name.
I suspect (and hope :) ) that the rules listed by the OP were only part
of a bigger rule set, and the drop policy rule was only included to give
more context. If this is not the case, I agree with Virgo.