"Laurence J. Lane" wrote:

> On Wed, Jun 06, 2001 at 11:46:11PM -0600, Stefan Srdic wrote:
>
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR \
> >     --destination-port :1023 -j REJECT
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR \
> >     --source-port :1023 -j REJECT
>
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.

Well, I'm trying to reject all well-known ports and then allow only those that I need for my home LAN. After a good night's sleep and some morning coffee I saw that the second rule was not necessary. I eliminated it and I'm performing a remote port scan to test my netfilter configuration. Now with TCP almost out of the way I have to filter ICMP and UDP. Isn't port filtering fun?

>
> Try "#!/bin/sh -x" instead.
>
> It displays the commands as the script executes. It's utile for debugging
> shell scripts.

Excellent, thanks for all your help. I'll have to post my final firewall configuration once I'm done :-D

Stef
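The ordering problem Laurence points at (a blanket REJECT of low ports on INPUT also drops the replies that remote servers send back from their own low-numbered ports) is easiest to see as a rule generator. The script below is an added example written for this thread, not Stef's firewall script: it accepts replies to connections the host initiated first, then the inbound services the LAN needs, and only then rejects the rest of the well-known port range. The interface name `ppp0`, the `LAN_TCP_SERVICES` list and the `IPT`/`check_order`/`rule_count` names are assumptions; by default it only prints the `iptables` commands (dry run), and `IPT=iptables` applies them as root.

```shell
#!/bin/sh
# Added example, not the script from the thread. Generates INPUT rules in a
# safe order and offers a check that the order is safe. IPT defaults to a
# dry run that prints each command; run with IPT=iptables (as root) to apply,
# and with "sh -x" to trace execution as suggested in the thread.
IPT="${IPT:-echo iptables}"
DSLIFACE="${DSLIFACE:-ppp0}"                 # assumed external interface
LAN_TCP_SERVICES="${LAN_TCP_SERVICES:-22}"   # assumed: inbound TCP ports the LAN needs

input_rules() {
    # 1. Replies to connections this host opened come back from the remote
    #    side's low source port (80, 443, 53, ...). Accept them first, or the
    #    later REJECT of low ports silently breaks outbound traffic.
    $IPT -A INPUT -i "$DSLIFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. Explicitly allow only the inbound services that are actually needed.
    for port in $LAN_TCP_SERVICES; do
        $IPT -A INPUT -p tcp -i "$DSLIFACE" --dport "$port" -m state --state NEW -j ACCEPT
    done
    # 3. Only now reject new connections to the remaining well-known ports.
    $IPT -A INPUT -p tcp -i "$DSLIFACE" --dport :1023 -j REJECT
    $IPT -A INPUT -p udp -i "$DSLIFACE" --dport :1023 -j REJECT
}

# Returns 0 when the generated order is safe: the very first rule accepts
# ESTABLISHED,RELATED traffic and no REJECT appears before any ACCEPT.
check_order() {
    input_rules | awk '
        /ESTABLISHED/ && NR == 1 { first_ok = 1 }
        /REJECT/ && !seen_accept { bad = 1 }
        /ACCEPT/ { seen_accept = 1 }
        END { exit (first_ok && !bad) ? 0 : 1 }'
}

# Number of rules the generator emits (useful when comparing against
# "iptables -n -v -L INPUT" after applying).
rule_count() {
    input_rules | wc -l | tr -d ' '
}
```

After applying for real, `iptables -n -v -L INPUT` shows the packet counters per rule, so a rising count on the ESTABLISHED,RELATED line while the REJECT lines stay near zero during normal browsing confirms the order is doing what it should.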

