[lug] iptables question

jd lug at taproot.bz
Sat May 17 19:11:12 MDT 2003


established/related does not allow you to make new connections
unless you have specified that with another rule... this rule only
allows traffic back in because you allowed it out.

jd

On Sat, 2003-05-17 at 09:00, dan radom wrote:
> * jd (lug at taproot.bz) wrote:
> > 
> > Hello,
> >   I am running iptables on a debian box. I have a big source list for
> > my apt repositories. I don't want to have to write 101 rules in
> > iptables to allow for this...
> > 
> > i.e.
> > 
> > iptables -A INPUT -s ftp.debian.org -j ALLOW
> > iptables -A INPUT -s security.debian.org -j ALLOW
> > .....
> > 
> > is there a way to allow all hosts in the domain debian.org..like..
> > 
> > iptables -A INPUT -s *.debain.org -j ALLOW
> > 
> 
> iptables -A INPUT -m state --state ESTABLISHED,RELATED  -j ACCEPT
> 
> That will allow all traffic back in that is related to any traffic you
> sent out.  It allows for default DROP policies, but doesn't require you
> to list all your apt sources or whatever.
> 
> dan
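The split discussed in this thread, written out as an added example (not part of the original messages): replies come back through the ESTABLISHED,RELATED rule, while new outbound connections need their own rules, here limited by destination port instead of by one rule per mirror hostname. The function names, the default-DROP OUTPUT policy and the port choices (53 for DNS, 80 for apt over HTTP) are assumptions.

```shell
#!/bin/sh
# Added example: emit a stateful ruleset in iptables-restore format.
# Assumed ports: 53 (DNS) and whatever TCP ports your sources.list needs.

build_ruleset() {
    # $1: space-separated TCP ports allowed for NEW outbound connections
    tcp_ports=${1:-80}
    echo '*filter'
    # Default deny in every chain: nothing passes without a matching rule.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies only: these match packets of connections already tracked,
    # so on their own they never let a new connection start.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # The "other rule": explicit permission to open NEW connections out.
    echo '-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT'
    echo '-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT'
    for port in $tcp_ports; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A OUTPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Number of INPUT rules that would accept a NEW inbound connection.
count_new_inbound() {
    build_ruleset "$1" | grep -c -- '^-A INPUT .*--state NEW' || true
}

# To have the rules parsed without committing them (as root):
#   build_ruleset "80" | iptables-restore --test
```

Because the outbound rules match on port and state, no hostnames are resolved when the rules are loaded, so the set does not need to change when the mirror list does.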