Re: how to only allow tcp on dport 443 on the OUTPUT chain?
- From: Bill Davidsen <davidsen@xxxxxxx>
- Date: Sat, 19 Mar 2011 17:19:39 -0400
erikmccaskey64 wrote:
it's a normal desktop machines iptables firewall:You don't want to do that, if you block everything on OUTPUT things like DHCP,
If i want to block udp on dport 80 on the output chain, then is this
enough? i want to only allow tcp on it!
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
or i need this rule?
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
the second one is the good one?
ARP, ICMP, etc, fail. You would need pages of ACCEPT rules.
iptables -A OUTPUT -p tcp ! --dport 80 -j REJECT
Would at least block only tcp, although I bet you will find that you want to do
mail and such. You are rapidly entering deep waters, I fear, but it's your machine.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
- Follow-Ups:
- References:
- how to only allow tcp on dport 443 on the OUTPUT chain?
- From: erikmccaskey64
- how to only allow tcp on dport 443 on the OUTPUT chain?
- Prev by Date: Re: Firefox appear to be MS or Mac -
- Next by Date: Re: Firefox appear to be MS or Mac -
- Previous by thread: how to only allow tcp on dport 443 on the OUTPUT chain?
- Next by thread: Re: how to only allow tcp on dport 443 on the OUTPUT chain?
- Index(es):
Relevant Pages
|
