[lug] iptables question
dan radom
dan at radom.org
Sun May 18 07:31:00 MDT 2003
* jd (lug at taproot.bz) wrote:
> On Sat, 2003-05-17 at 19:11, jd wrote:
> >
> > established/related does not allow you to make new connections
> > unless you have specified with another rule....this rule only
> > allows traffic back in because you allowed it out..
> >
> > jd
>
> well, in the case of ftp and the like, this rule will allow
> a new connection to be made (port 20) only because it is related to a
> connection that was allowed out due to some other rule (port 21).
>
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
*should* take care of pretty much allowing all *your* traffic back in.
I've written a script called quicktables that generates a set of iptables
rules based on answers you give to a few questions. You should take a
look at it, generate some rules, and compare with your script. It is
available from http://qtables.radom.org/
dan
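For anyone comparing their own script as dan suggests, here is an added example (mine, written for this page; it is not dan's quicktables and not code from the original thread) of a complete minimal stateful ruleset built around the two rules above: default-drop INPUT, OUTPUT accepted, and ESTABLISHED,RELATED let back in. It prints the iptables commands by default so the logic can be read and checked without root; set APPLY=1 to execute them. The outside interface eth0, the exposed TCP port 22 and the helper module name ip_conntrack_ftp (the 2.4-kernel name; 2.6 and later call it nf_conntrack_ftp) are assumptions. The caveat the FTP discussion in this thread depends on: an active-mode FTP data connection (server port 20 back to the client) is only classified RELATED if the FTP connection-tracking helper is loaded; without it, that packet is NEW and the INPUT policy drops it.

```shell
#!/bin/sh
# Added example: minimal stateful iptables ruleset generator.
# Dry run by default (prints commands); APPLY=1 runs them (needs root).

IPT=${IPT:-iptables}                  # assumption: iptables with -m state
WAN_IF=${WAN_IF:-eth0}                # assumption: outside interface
ALLOW_TCP=${ALLOW_TCP:-22}            # assumption: inbound TCP ports to expose
CT_FTP=${CT_FTP:-ip_conntrack_ftp}    # assumption: 2.4 kernel helper name

# emit: print the command in dry-run mode, execute it when APPLY=1
emit() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

gen_rules() {
    # Load the FTP helper so active-mode data connections (server port 20
    # back to us) are tracked as RELATED to the port-21 control connection.
    emit modprobe "$CT_FTP"

    emit "$IPT" -F
    # Default policies: nothing unsolicited in or through, everything out.
    emit "$IPT" -P INPUT DROP
    emit "$IPT" -P FORWARD DROP
    emit "$IPT" -P OUTPUT ACCEPT

    emit "$IPT" -A INPUT -i lo -j ACCEPT
    # Replies to connections we opened, plus RELATED ones (FTP data, ICMP errors).
    emit "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in any connection are dropped explicitly.
    emit "$IPT" -A INPUT -m state --state INVALID -j DROP

    # Services we deliberately expose: only the first (NEW) packet needs a
    # rule; the rest of the conversation matches ESTABLISHED above.
    for p in $ALLOW_TCP; do
        emit "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

# Print (or, with APPLY=1, apply) the ruleset.
gen_rules
```

Run it once as a dry run and diff the output against your own script; the rules that matter most are the policy lines and the fact that the ESTABLISHED,RELATED rule comes before any per-port NEW rule.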