On Wed, Jun 06, 2001 at 11:46:11PM -0600, Stefan Srdic wrote:
> iptables -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR \
>     --destination-port :1023 -j REJECT
> iptables -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR \
>     --source-port :1023 -j REJECT
> Anyway, I'm having a few problems with this configuration. It doesn't work!!
> After I run the script I can ping websites (which means ICMP works along with
> DNS, but I'm running BIND as a caching-only nameserver) but cannot use any of
> the other TCP services that I have listed above.

I can't really follow what you're trying, but that second reject rule blocks
outgoing traffic. (Use "iptables -n -v -L" to see the list of rules and a count
of the packets that each affect.) You probably want to accept outbound traffic
for specific ports before rejecting any.

>

Try "#!/bin/sh -x" instead. It displays the commands as the script executes.
It's useful for debugging shell scripts.
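
As an added illustration (this is an editor's example, not code from either
message in the thread): the two quoted REJECT rules, preceded by an ACCEPT for
packets that belong to connections this host opened itself. iptables walks the
INPUT chain top to bottom and the first matching rule with a terminating target
(ACCEPT/REJECT/DROP) decides the packet, so the ACCEPT has to be added before
the REJECT on low source ports, otherwise the replies from a web server's port
80 hit that REJECT and every outbound TCP connection stalls (while ICMP and UDP
DNS keep working, because the quoted rules match TCP only). The interface name
ppp0, the "-m state" match, and the helper names input_rules, rule_index,
apply_rules and show_counters are assumptions of this example and do not
appear in the original script.

```shell
#!/bin/sh
# Added example, not from the original thread.  Same two REJECT rules as the
# quoted script, preceded by an ACCEPT for packets that belong to connections
# this host opened (conntrack state ESTABLISHED, or RELATED such as ICMP
# errors for them), so replies to outbound TCP connections get through before
# the low-source-port REJECT sees them.
#
# Assumptions: the DSL interface is ppp0 (override with DSLIFACE=...),
# iptables is on PATH, and the kernel has the state match (ipt_state) loaded.

DSLIFACE="${DSLIFACE:-ppp0}"        # assumption: name of the DSL interface
ANYADDR="0.0.0.0/0"                 # "any address", as in the quoted script
IPTABLES="${IPTABLES:-iptables}"

# Print the INPUT chain commands, one per line, in the order they must be
# added.  iptables evaluates a chain top to bottom; the first rule whose match
# succeeds and whose target is terminating (ACCEPT/REJECT/DROP) decides the
# packet, so the ACCEPT for replies must come before either REJECT.
input_rules() {
    cat <<EOF
$IPTABLES -F INPUT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT --protocol tcp -i $DSLIFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR --destination-port :1023 -j REJECT
$IPTABLES -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR --source-port :1023 -j REJECT
EOF
}

# 1-based position, in the list printed by input_rules (the flush is line 1),
# of the first command containing the pattern.  Lets you check the ordering
# before touching the live firewall.
rule_index() {
    input_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Apply the rules.  Needs root.  "sh -e" stops at the first iptables error
# (e.g. a missing match module) instead of silently leaving a half-built chain.
apply_rules() {
    input_rules | sh -e
}

# Show the chain with rule numbers and packet/byte counters: the pkts column
# tells you which rule is actually eating the traffic you expected through.
show_counters() {
    $IPTABLES -n -v -L INPUT --line-numbers
}

# Run as "sh firewall.sh apply" (as root) to install the rules and print the
# counters; without the argument the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_rules && show_counters
fi
```

After "sh firewall.sh apply", open a web page and run show_counters again:
the pkts counter on the ESTABLISHED,RELATED line should climb, and the
counter on the --source-port :1023 REJECT should stay at zero for that
traffic. If the REJECT counter climbs instead, the ACCEPT is missing or has
ended up below it.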

