Re: how to only allow tcp on dport 443 on the OUTPUT chain?

erikmccaskey64 wrote:
It's a normal desktop machine's iptables firewall:

If I want to block udp on dport 80 on the OUTPUT chain, then is this
enough? I want to only allow tcp on it!
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT

Or do I need this rule?
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT

Is the second one the good one?

You don't want to do that; if you block everything on OUTPUT, things like DHCP,
ARP, ICMP, etc. fail. You would need pages of ACCEPT rules.

iptables -A OUTPUT -p tcp ! --dport 80 -j REJECT

Would at least block only tcp, although I bet you will find that you want to do
mail and such. You are rapidly entering deep waters, I fear, but it's your machine.

Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
users mailing list
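Added example, not code from either poster in this thread: a small POSIX sh script that emits an iptables-restore ruleset for the case in the subject line (OUTPUT policy DROP, outbound TCP allowed only to port 443) while still letting the DHCP client, DNS, ICMP, loopback and replies to established connections through, plus a textual lint that catches the mistake in the first quoted rule, a --dport match with no -p tcp/udp in front of it (iptables refuses to load such a rule with "unknown option --dport"). The interface name is taken from $PUBIF with "eth0" as an assumed placeholder default; the set of services allowed out is an assumption about what a desktop needs, not something the thread specifies, and ARP is not touched because iptables does not filter it.

```shell
#!/bin/sh
# Added example, not from the thread. Generates (does not apply) an
# iptables-restore ruleset for a desktop whose OUTPUT policy is DROP.
# PUBIF is the public interface; "eth0" is a placeholder default (assumption).
PUBIF="${PUBIF:-eth0}"

# Print the ruleset. Apply with:  gen_output_rules | iptables-restore
# (iptables-restore ignores the '#' comment lines.)
gen_output_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to connections already accepted on INPUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP client (UDP 68 -> 67), DNS over UDP and TCP, ICMP (ping, PMTU)
-A OUTPUT -o $PUBIF -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $PUBIF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $PUBIF -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $PUBIF -p icmp -j ACCEPT
# The only TCP destination the desktop may open: HTTPS
-A OUTPUT -o $PUBIF -p tcp --dport 443 -j ACCEPT
# Reject everything else so blocked connections fail at once instead of timing out
-A OUTPUT -j REJECT
COMMIT
EOF
}

# A rule with a port match (--dport/--sport) is only loadable if a protocol
# that has ports precedes it. This is a textual check, not a replacement for
# iptables; it recognises only the "-p <name>" spelling (assumption).
rule_has_proto_for_port() {
    case "$1" in
        *--dport*|*--sport*)
            case "$1" in
                *"-p tcp"*|*"-p udp"*|*"-p udplite"*|*"-p sctp"*|*"-p dccp"*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *) return 0 ;;
    esac
}

# Read a ruleset on stdin; print each offending -A/-I rule to stderr and
# return 1 if any was found, 0 otherwise.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            -A*|-I*) ;;
            *) continue ;;
        esac
        if ! rule_has_proto_for_port "$line"; then
            printf 'missing -p for port match: %s\n' "$line" >&2
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: lint the generated ruleset, then print it.
gen_output_rules | lint_rules && gen_output_rules
```

The final REJECT is deliberately placed before the DROP policy is reached: with a plain DROP, every blocked outbound connection hangs until it times out, which is what makes a locked-down OUTPUT chain feel broken rather than merely strict.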