Re: iptables
From: Parker Morse (morse_at_sinauer.com)
Date: 09/29/03
- Previous message: Harish Sabnani: "Network Setup Opinion Needed"
- In reply to: rrosa_at_usp.br: "Re: iptables"
- Next in thread: rrosa_at_usp.br: "Re: iptables"
To: rrosa@usp.br
Date: Mon, 29 Sep 2003 13:45:52 -0400
On Monday, Sep 29, 2003, at 07:12 US/Eastern, rrosa@usp.br wrote:
> My script is ok now! You are right: I need to accept connection FROM
> port. But I needed the udp rules to samba because without the
> liberation samba udp, it didn't work.
>
> Only another question, if I put ACCEPT in OUTPUT, don't make sense if
> I put:
> iptables -t filter -A OUTPUT -p tcp --dport 515 -j ACCEPT
> to only accept the output to the printer port?? And here I had to put
> ...OUTPUT -p tcp --source-port 515 -j ACCEPT ??? And I have to accept
> the output to my ssh, ok?

I'm not the best person to be asking about firewalls, but:

I think you're confused about the way OUTPUT works. It acts on any
packets sent out by your system. Unless you are concerned about how
users of your system are going to be using it, you're creating more
problems than you're solving by having too many rules on OUTPUT. Unlike
INPUT, where you don't know what's coming in from outside, you're
better off with a permissive policy (only blocking ports which cause
trouble, instead of only opening ports you need) on OUTPUT.

Someone PLEASE correct me if I've got this wrong.

See <http://www.tldp.org/HOWTO/Firewall-HOWTO.html> and
<http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html> for more information.

pjm
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
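
Added example, not part of the original message or of either poster's script: a shell function that prints an iptables-restore ruleset in the two styles discussed above, a permissive OUTPUT policy and a strict one where the printer port is listed explicitly. It assumes a workstation that accepts inbound ssh (tcp/22) and prints to a remote LPD printer (tcp/515); the function name and modes are made up for illustration, and the Samba rules from the thread are not covered.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset.
# Assumed host: accepts inbound ssh (tcp/22), prints to a remote LPD
# printer (tcp/515). build_ruleset and its modes are hypothetical names.

# build_ruleset MODE
#   permissive: OUTPUT policy ACCEPT (the approach suggested in the reply)
#   strict:     OUTPUT policy DROP, each outbound service listed explicitly
build_ruleset() {
    mode=$1
    case "$mode" in
        permissive) out_policy=ACCEPT ;;
        strict)     out_policy=DROP ;;
        *) echo "usage: build_ruleset permissive|strict" >&2; return 2 ;;
    esac

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT $out_policy [0:0]"

    # Loopback, plus replies to connections this host already has open.
    # The printer's replies (source port 515) arrive on INPUT and match
    # here by connection state, so no --sport 515 rule is needed anywhere.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound ssh sessions.
    echo "-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT"

    if [ "$mode" = strict ]; then
        echo "-A OUTPUT -o lo -j ACCEPT"
        # Lets sshd answer its clients and carries later packets of
        # flows that were already allowed.
        echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # New outbound connections TO the printer (destination port 515).
        # With OUTPUT policy ACCEPT this rule would be redundant.
        echo "-A OUTPUT -p tcp --dport 515 -m state --state NEW -j ACCEPT"
    fi
    echo "COMMIT"
}

# Syntax check without loading (run as root):
#   build_ruleset permissive | iptables-restore --test
```

In strict mode every other outbound service, DNS lookups included, is dropped until it gets its own OUTPUT rule.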