[lug] iptables question
dan radom
dan at radom.org
Sat May 17 09:00:37 MDT 2003
* jd (lug at taproot.bz) wrote:
>
> Hello,
> I am running iptables on a debian box. I have a big source list for
> my apt repositories. I don't want to have to write 101 rules in
> iptables to allow for this...
>
> i.e.
>
> iptables -A INPUT -s ftp.debian.org -j ALLOW
> iptables -A INPUT -s security.debian.org -j ALLOW
> .....
>
> is there a way to allow all hosts in the domain debian.org, like:
>
> iptables -A INPUT -s *.debian.org -j ALLOW
>

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

That will allow all traffic back in that is related to any traffic you
sent out. It allows for default DROP policies, but doesn't require you
to list all your apt sources or whatever.

dan
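
Added example, not part of the original message: a minimal iptables-restore ruleset built around the rule in the reply above, plus a small lint that flags the per-hostname approach from the question. The function names `emit_ruleset` and `lint_ruleset` are hypothetical, and the ruleset assumes a client-only host with no inbound services.

```shell
#!/bin/sh
# Added example: nothing here touches the running firewall.
# To load the ruleset as root: emit_ruleset | iptables-restore

# Print a default-DROP ruleset in iptables-restore format.
# Assumption: client-only host (apt, DNS lookups), no inbound services.
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Lint a ruleset read from stdin. Prints findings; returns non-zero if any.
lint_ruleset() {
    awk '
        BEGIN { bad = 0; stateful = 0; policy = "" }
        # Chain policy line, e.g. ":INPUT DROP [0:0]"
        /^:INPUT / { policy = $2 }
        # The reply-traffic rule from the message above
        /^-A INPUT / && /--state ESTABLISHED,RELATED/ && /-j ACCEPT/ { stateful = 1 }
        # A source containing letters is a hostname: iptables resolves it
        # once, when the rule is loaded, and never re-resolves it.
        /^-A INPUT / {
            for (i = 1; i < NF; i++)
                if (($i == "-s" || $i == "--source") && $(i+1) ~ /[A-Za-z]/ && $(i+1) !~ /:/) {
                    print "hostname source, resolved only at load time: " $(i+1)
                    bad = 1
                }
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
            if (!stateful) { print "no ESTABLISHED,RELATED accept rule"; bad = 1 }
            exit bad
        }'
}

emit_ruleset | lint_ruleset && echo "ruleset passes lint"
```
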