filtering ruleset help sought

Barry Fawthrop barry at
Mon Aug 15 22:27:25 CEST 2005


I was given a iptables ruleset (that I think was generated by firestarter)
I don't have GUI nor do I want to so I have no means to test it.
It runs on a gateway machine ETH0 = Wan and ETH1 = LAN NICs

I'm looking for a simple ruleset that will deny all outgoing traffic 
accept to a list of IP addresses found in a file
and only on port 80 for HTTP access only.

I have this:

$IPT -t filter -A INPUT -s $INNET -d 0/0 -j DROP
$IPT -t filter -A OUTPUT -s $INNET -d 0/0 -j DROP
$IPT -t filter -A OUTPUT -p icmp -s $INNET -d 0/0 -j DROP

while read s1 s2
           $IPT -t filter -A INPUT  -s $INNET -d $s1 --dport 80 -j ACCEPT
           $IPT -t filter -A OUTPUT -s $INNET -d $s1 --dport 80 -j ACCEPT
           $IPT -t filter -A OUTPUT -p icmp -s $INNET -d $s1 -j ACCEPT
     done < /allowed-hosts

1) doesn't work complains about --dport
2) I can still ping other ip addresses not found in the allowed-hosts file?

Any help, most welcome
Thank You

No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.9/72 - Release Date: 8/14/2005

More information about the netfilter mailing list