Re: how to only allow tcp on dport 443 on the OUTPUT chain?



erikmccaskey64 wrote:
> It's a normal desktop machine's iptables firewall.
>
> If I want to block UDP on dport 80 on the OUTPUT chain, is this
> enough? I want to only allow TCP on it!
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>
> Or do I need this rule?
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>
> Is the second one the good one?

You don't want to do that: if you block everything on OUTPUT, things like DHCP,
ARP, ICMP, etc. fail. You would need pages of ACCEPT rules.

iptables -A OUTPUT -p tcp ! --dport 80 -j REJECT

That would at least block only TCP, although I bet you will find that you want to do
mail and such. You are rapidly entering deep waters, I fear, but it's your machine.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
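As an added example (not from the thread or either poster), this is the kind of OUTPUT ruleset the reply is hinting at: a default-DROP OUTPUT chain, the handful of ACCEPT rules a desktop needs to keep working (loopback, established replies, DHCP, DNS, ICMP), TCP only on the one permitted port, and an explicit REJECT for the rest. It also checks the point behind the first rule in the question: every --dport rule must carry -p tcp or -p udp, or iptables refuses it. The interface name in PUBIF, the port in ALLOW_PORT and the iptables-restore apply step are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. PUBIF and ALLOW_PORT are assumed
# defaults; override them in the environment for the real host.
PUBIF="${PUBIF:-eth0}"            # assumed public interface
ALLOW_PORT="${ALLOW_PORT:-443}"   # the one outbound TCP port to permit

# Emit the OUTPUT ruleset in iptables-restore format on stdout.
gen_output_rules() {
    cat <<EOF
*filter
:OUTPUT DROP [0:0]
# loopback: local services and a local resolver keep working
-A OUTPUT -o lo -j ACCEPT
# replies for connections the host already accepted (e.g. inbound SSH)
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP client -> server, otherwise the lease cannot be renewed
-A OUTPUT -o $PUBIF -p udp --sport 68 --dport 67 -j ACCEPT
# DNS over UDP and TCP so names still resolve
-A OUTPUT -o $PUBIF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $PUBIF -p tcp --dport 53 -j ACCEPT
# ICMP for path MTU discovery and basic diagnostics
-A OUTPUT -o $PUBIF -p icmp -j ACCEPT
# the permitted service: TCP only, so UDP to $ALLOW_PORT stays blocked
-A OUTPUT -o $PUBIF -p tcp --dport $ALLOW_PORT -j ACCEPT
# reject the rest explicitly so local programs fail fast instead of hanging
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Returns 0 when every --dport rule also names a protocol (-p tcp or -p udp);
# a bare "--dport" rule, like the first one in the question, is invalid.
check_dport_has_proto() {
    ! gen_output_rules | grep -- '--dport' | grep -v -E -e '-p (tcp|udp)' | grep -q .
}

case "${1:-}" in
    # apply needs root; --noflush leaves INPUT/FORWARD rules untouched
    apply) gen_output_rules | iptables-restore --noflush ;;
    *)     gen_output_rules ;;
esac
```

Run it without arguments to review the generated rules first; `apply` loads them with iptables-restore.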