[ale] iptables issue
Jason Lunz
lunz at falooley.org
Sun Jul 16 23:42:17 EDT 2006
jimpop at yahoo.com said:
> I have an issue wrt iptables. I use iptables to allow/deny access to a
> website. The tables are intended to allow all in to port 80 at address
> WW.XX.YY.ZZ, and all replies back out from port 80 on same address.
>
> The command line used to create the rules is this:
>
> iptables -A INPUT -p tcp -d WW.XX.YY.ZZ --dport http -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp -s WW.XX.YY.ZZ --sport http -m state --state RELATED,ESTABLISHED -j ACCEPT
The second rule is superfluous. It's implied by the ESTABLISHED in the
first rule.
> The above rules work 98% of the time, however I see periodic failures
> (REJECTS) logged from outbound data back to what I believe to be proxies
> at all the major ISPs.
What exactly is logged?
Jason