> I've been trying to get iptables working so that I can finally have a
> worthwhile client-side non-graphical firewall. So to test it out, I
> typed these two commands:
>
> # iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> # iptables -A INPUT -j REJECT
>
> And for some reason I completely lost my connection to port 80, even
> though that command says "Allow all TCP connections to port 80, but
> reject all others".
Is it your intention to only allow incoming connections to port 80? i.e. you have a web server (apache) set up on your machine, and you only want to allow incoming connections to that, and to block everything else? If so, the above commands look like they should work to me, assuming the OUTPUT rules are allowing everything (the default).

Or are you trying to only allow web browsing from your computer, and nothing else? If so, the above command will not work, since the reply packets coming back are not directed to port 80, but rather a random port # above 1024.

If you want something like a personal firewall, that will allow outgoing connections but not incoming, try something like:

First flush the chain, and set the default policy to DROP:

# iptables -F INPUT
# iptables -P INPUT DROP

Now, start adding rules to allow incoming packets:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This will allow the return packets for outgoing connections, but will drop incoming packets that are trying to make new connections.

Or is this machine acting as a firewall/router for other computers sitting behind it on a LAN? If that's the case, you'll need to mess with the FORWARD rules, not INPUT or OUTPUT.

Hope this helps!

-- Kevin
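A complete version of the personal-firewall ruleset described in the reply above, as an added example rather than Kevin's or the list's own script. It assumes iptables with the state match (`-m state`), a hypothetical `IPT` variable (set `IPT=echo` to print the commands instead of applying them) and a `web` argument for the "this box also runs a web server" case:

```shell
#!/bin/sh
# Added example, not the original poster's commands: a small personal
# firewall for the "allow outgoing, block unsolicited incoming" case.
# Assumes iptables with the state match. IPT=echo prints instead of applying.
IPT=${IPT:-iptables}

apply_personal_firewall() {
    # Start from a clean INPUT chain with a default-deny policy.
    $IPT -F INPUT
    $IPT -P INPUT DROP

    # Local processes talk to each other over loopback; under a DROP
    # policy this rule keeps things like local DNS caches and X working.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened arrive on a random high
    # port, so they can only be matched by connection state, never by
    # --dport. This is exactly why "--dport 80 ACCEPT" alone broke browsing.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Optional: only when this box also serves web pages, accept NEW
    # incoming connections to port 80 (pass "web" as the first argument).
    if [ "$1" = "web" ]; then
        $IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    fi

    # Anything else that is new and unsolicited is refused with an error
    # (REJECT answers the sender; the DROP policy would discard silently).
    $IPT -A INPUT -j REJECT
}

# Usage: sh firewall.sh apply        (client only)
#        sh firewall.sh apply web    (client plus local web server)
case "${1:-}" in
    apply) apply_personal_firewall "$2" ;;
esac
```

Run with `IPT=echo sh firewall.sh apply web` first to review the rules before applying them as root.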