On Wed, Jun 04, 2003 at 09:48:13AM -0700, Richard Cochinos wrote:
> I followed the same guideline for OUTPUT, so my tables look something
> like:

> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https

On output it is "source port", not destination port. You can also add !syn on
output. A slightly easier config is to allow all non-syn regardless of the
source port.

Make sure to add anti-spoofing filters.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
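
Added example, not part of the original message: a script that prints the OUTPUT rules in both forms the reply describes, per-port source-port matching with `! --syn` and the simpler "all non-SYN" rule. The port list is taken from the quoted table; the DROP policy, the function names, and a host that only answers inbound connections are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables commands for OUTPUT.
# Assumptions: ports are ssh/smtp/www/https from the quoted table; the chain
# policy is set to DROP, because ACCEPT rules only filter when the rest is dropped.
# TCP only: loopback, DNS and ICMP would need their own rules.
SERVICE_PORTS="22 25 80 443"

# Variant 1: replies leave FROM the service port, so match --sport; a reply
# is never a bare SYN, so "! --syn" stops the host opening new connections.
rules_per_port() {
    for port in $1; do
        echo "iptables -A OUTPUT -p tcp --sport $port ! --syn -j ACCEPT"
    done
}

# Variant 2 (the "slightly easier config"): any non-SYN segment, any source port.
rules_simple() {
    echo "iptables -A OUTPUT -p tcp ! --syn -j ACCEPT"
}

# build_ruleset MODE [PORTS]: MODE is "per-port" or "simple".
build_ruleset() {
    case $1 in
        per-port) body=$(rules_per_port "$2") ;;
        simple)   body=$(rules_simple) ;;
        *) echo "unknown mode: $1" >&2; return 1 ;;
    esac
    echo "iptables -P OUTPUT DROP"
    echo "iptables -F OUTPUT"
    echo "$body"
}

build_ruleset per-port "$SERVICE_PORTS"
```

Review the printed commands before running them as root; anti-spoofing filters are not covered here.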

