Hi,

What's wrong with the following ruleset that I can't do any DNS lookups from the firewallhost?

$IPCHAINS -P input ACCEPT
$IPCHAINS -P forward ACCEPT
$IPCHAINS -P output ACCEPT
$IPCHAINS -F
$IPCHAINS -X

# input rules
$IPCHAINS -A input -s $localnet -d $localnet -j ACCEPT
$IPCHAINS -A input -s $Any -d $localnet -j DENY
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost smtp -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost ssmtp -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost auth -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost pop3s -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost pop3s -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost imaps -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost imaps -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost https -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost https -j ACCEPT
$IPCHAINS -A input -p udp -s $Any domain -d $Any 1024:65535 -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any domain -d $Any 1024:65535 -j ACCEPT

# forward rules

# output rules
$IPCHAINS -A output -s $localnet -d $Any -j ACCEPT

Using Debian 2.2 and gfcc to configure ipchains.

Thanks,
Eugene van Zyl