[lug] iptables question

dan radom dan at radom.org
Sat May 17 09:00:37 MDT 2003


* jd (lug at taproot.bz) wrote:
> 
> Hello,
>   I am running iptables on a debian box. I have a big source list for
> my apt repositories. I don't want to have to write 101 rules in
> iptables to allow for this...
> 
> i.e.
> 
> iptables -A INPUT -s ftp.debian.org -j ACCEPT
> iptables -A INPUT -s security.debian.org -j ACCEPT
> .....
> 
> is there a way to allow all hosts in the domain debian.org..like..
> 
> iptables -A INPUT -s *.debian.org -j ACCEPT
> 

iptables -A INPUT -m state --state ESTABLISHED,RELATED  -j ACCEPT

That will allow all traffic back in that is related to any traffic you
sent out.  It allows for default DROP policies, but doesn't require you
to list all your apt sources or whatever.

dan
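
The stateful rule from the reply, placed in a default-DROP ruleset in iptables-restore format, with a small audit of a hand-written rules file. This is an added example, not part of the original message. The function names, the loopback rule and the FORWARD/OUTPUT policies are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# emit_ruleset prints a minimal stateful ruleset in iptables-restore format.
# Assumptions beyond the post: loopback is accepted, FORWARD is DROP,
# OUTPUT is ACCEPT. Load as root with: emit_ruleset | iptables-restore
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# audit_ruleset reads a hand-written rules file on stdin and prints one
# finding per line. It prints nothing when the file passes all three checks:
#   1. the INPUT policy is DROP
#   2. an ESTABLISHED accept rule exists (-m state or -m conntrack --ctstate)
#   3. no -s argument is a hostname; iptables resolves names once, when the
#      rule is loaded, so the rule goes stale when the DNS record changes
audit_ruleset() {
    awk '
    /^:INPUT / && $2 != "DROP" { print "INPUT policy is " $2 ", not DROP" }
    /^-A INPUT / {
        if ($0 ~ /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/)
            stateful = 1
        for (i = 1; i < NF; i++)
            if (($i == "-s" || $i == "--source") &&
                $(i+1) ~ /[A-Za-z]/ && $(i+1) !~ /:/)
                print "hostname in -s (resolved once, at load time): " $(i+1)
    }
    END { if (!stateful) print "no ESTABLISHED,RELATED accept rule on INPUT" }
    '
}

# Constructed sample: the per-host approach from the question.
printf '%s\n' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -s ftp.debian.org -j ACCEPT' | audit_ruleset
```
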