filtering ruleset help sought
barry at ttienterprises.org
Mon Aug 15 22:27:25 CEST 2005
I was given a iptables ruleset (that I think was generated by firestarter)
I don't have GUI nor do I want to so I have no means to test it.
It runs on a gateway machine ETH0 = Wan and ETH1 = LAN NICs
I'm looking for a simple ruleset that will deny all outgoing traffic
accept to a list of IP addresses found in a file
and only on port 80 for HTTP access only.
I have this:
$IPT -t filter -A INPUT -s $INNET -d 0/0 -j DROP
$IPT -t filter -A OUTPUT -s $INNET -d 0/0 -j DROP
$IPT -t filter -A OUTPUT -p icmp -s $INNET -d 0/0 -j DROP
while read s1 s2
$IPT -t filter -A INPUT -s $INNET -d $s1 --dport 80 -j ACCEPT
$IPT -t filter -A OUTPUT -s $INNET -d $s1 --dport 80 -j ACCEPT
$IPT -t filter -A OUTPUT -p icmp -s $INNET -d $s1 -j ACCEPT
done < /allowed-hosts
1) doesn't work complains about --dport
2) I can still ping other ip addresses not found in the allowed-hosts file?
Any help, most welcome
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.9/72 - Release Date: 8/14/2005
More information about the netfilter