[lug] iptables question
jd
lug at taproot.bz
Sat May 17 19:20:45 MDT 2003
On Sat, 2003-05-17 at 19:11, jd wrote:
>
> established/related does not allow you to make new connections
> unless you have specified with another rule....this rule only
> allows traffic back in because you allowed it out..
>
> jd
well, in the case of ftp and the like, this rule will allow
a new connection to be made(port 20) only because it is related to a
connection that was allowed out due to some other rule(port 21).
right?
jd
>
> On Sat, 2003-05-17 at 09:00, dan radom wrote:
> > * jd (lug at taproot.bz) wrote:
> > >
> > > Hello,
> > > I am running iptables on a debian box. I have a big source list for
> > > my apt repositories. I don't want to have to write 101 rules in
> > > iptables to allow for this...
> > >
> > > i.e.
> > >
> > > iptables -A INPUT -s ftp.debian.org -j ALLOW
> > > iptables -A INPUT -s security.debian.org -j ALLOW
> > > .....
> > >
> > > is there a way to allow all hosts in the domain debian.org..like..
> > >
> > > iptables -A INPUT -s *.debian.org -j ALLOW
> > >
> >
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > That will allow all traffic back in that is related to any traffic you
> > sent out. It allows for default DROP policies, but doesn't require you
> > to list all your apt sources or whatever.
> >
> > dan
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
>
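The state-matching behaviour discussed in this thread (replies to outbound connections coming back as ESTABLISHED, the FTP data connection from server port 20 coming in as RELATED, and unsolicited packets staying NEW and hitting the DROP policy), as an added toy model. This is not netfilter code and not anything posted on the list: it is a small Python simulation with constructed addresses, ports and packets, standing in for the kernel's connection tracker and its FTP helper (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp on later ones, which must be loaded for the RELATED match to catch FTP data connections on a real box).

```python
"""Toy model of iptables connection-state matching.

Shows why the single rule
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
under a default-DROP INPUT policy lets replies and FTP data connections back in
without listing every apt mirror. All hosts, ports and packets are constructed
sample data; the tracker is a simplification of nf_conntrack plus the FTP helper.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (leaving this host) or "in" (arriving)
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""   # only inspected on the FTP control channel


@dataclass
class ConnTracker:
    """Minimal stand-in for the kernel connection tracker and FTP helper."""
    conns: set = field(default_factory=set)     # flows already seen and accepted
    expected: set = field(default_factory=set)  # (server, client_ip, client_port) announced via PORT

    @staticmethod
    def key(pkt):
        # Normalise both directions to (local_ip, local_port, remote_ip, remote_port)
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def classify(self, pkt):
        if self.key(pkt) in self.conns:
            return "ESTABLISHED"
        if pkt.direction == "in" and (pkt.src, pkt.dst, pkt.dport) in self.expected:
            return "RELATED"    # the FTP data connection the client asked for
        return "NEW"

    def note_accepted(self, pkt, state):
        """Record an accepted flow and, on the FTP control channel, parse PORT."""
        self.conns.add(self.key(pkt))
        if state == "RELATED":
            self.expected.discard((pkt.src, pkt.dst, pkt.dport))
        # FTP helper: "PORT h1,h2,h3,h4,p1,p2" tells the server where to connect
        if pkt.direction == "out" and pkt.dport == 21 and pkt.payload.startswith("PORT "):
            h1, h2, h3, h4, p1, p2 = (int(x) for x in pkt.payload[5:].strip().split(","))
            self.expected.add((pkt.dst, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))


class Firewall:
    """OUTPUT policy ACCEPT; INPUT policy DROP with one ESTABLISHED,RELATED rule."""

    def __init__(self):
        self.ct = ConnTracker()

    def filter(self, pkt):
        state = self.ct.classify(pkt)
        if pkt.direction == "out":
            verdict = "ACCEPT"
        else:
            verdict = "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"
        if verdict == "ACCEPT":
            self.ct.note_accepted(pkt, state)
        return state, verdict


def ftp_scenario():
    """Constructed trace: client 10.0.0.5 does active FTP with 198.51.100.10."""
    fw = Firewall()
    client, server, stranger = "10.0.0.5", "198.51.100.10", "203.0.113.7"
    trace = [
        Packet("out", client, 40000, server, 21),                          # open control connection
        Packet("in", server, 21, client, 40000),                           # server's reply
        Packet("out", client, 40000, server, 21, "PORT 10,0,0,5,156,65"),  # 156*256+65 = 40001
        Packet("in", server, 20, client, 40001),                           # server opens data connection
        Packet("in", server, 20, client, 40001),                           # more data on that flow
        Packet("in", stranger, 55555, client, 22),                         # nothing asked for this
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for state, verdict in ftp_scenario():
        print(f"{state:12} {verdict}")
```

The fourth packet is the point of the thread: nothing allowed port 20 in explicitly, but the tracker saw the client's PORT command on the control connection it had already allowed out, so the data connection arrives as RELATED and the one state rule accepts it. The last packet shows the other half: with no matching outbound flow it is NEW and falls through to the DROP policy.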