On Wednesday 09 February 2005 17:12, Dave Ewart wrote:
> On Wednesday, 09.02.2005 at 16:45 +0100, Manfred Sampl wrote:
> > > [...]
> > >
> > > For every INPUT you need appropriate OUTPUT rule :)
> > > I don't know your configuration or how exactly you are connected to the
> > > network but for ssh you should probably have to add:
> > >
> > > $IPTABLES -A OUTPUT -o $EXTINT -d $EXTIP -p tcp --sport 22 -j ACCEPT
> > > $IPTABLES -A OUTPUT -o $INTIF -p tcp --sport 22 -j ACCEPT
> > [...]
>
> When I have INPUT rules to allow special types of traffic in, such as
> SSH, I usually find that the best corresponding OUTPUT rules are to
> allow ESTABLISHED and RELATED, rather than on the source ports of the
> services one is allowing: which means that you won't need to add
> additional OUTPUT rules if you later allow a different special service
> in. This is probably just a matter of taste, though.

I actually have an ESTABLISHED, RELATED rule, but that didn't help:

$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
    ESTABLISHED,RELATED -j ACCEPT

Is there a GUI tool that is able to set up a firewall rule set on a remote
computer or write a bash script? I had a quick look at knetfilter and
firestarter, but that isn't really what I need. Shorewall is somehow nice,
but wouldn't that be a step back for me?

Regards
Manfred
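
Added example, not part of the thread: a static check over a rule script that lists which chains carry an ESTABLISHED,RELATED accept rule, showing that a state rule appended to INPUT does not cover reply packets leaving through OUTPUT. The sample rules, the interface eth0, the address 192.0.2.10, the OUTPUT policy of DROP and the function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed sample: SSH allowed in, stateful rule on INPUT only.
# eth0 and 192.0.2.10 are placeholders; OUTPUT policy DROP is assumed.
RULES_INPUT_ONLY='iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -d 192.0.2.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -d 192.0.2.10 -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Same sample with the stateful rule also appended to OUTPUT.
RULES_BOTH="$RULES_INPUT_ONLY
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT"

# stateful_chains RULES: print (sorted, space separated) every chain that
# has an ACCEPT rule matching ESTABLISHED via --state or --ctstate.
stateful_chains() {
    printf '%s\n' "$1" | awk '
        $2 == "-A" {
            est = 0; acc = 0
            for (i = 4; i < NF; i++) {
                if (($i == "--state" || $i == "--ctstate") &&
                    $(i + 1) ~ /(^|,)ESTABLISHED(,|$)/) est = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") acc = 1
            }
            if (est && acc) print $3
        }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# replies_blocked RULES: exit 0 when the OUTPUT policy is DROP and OUTPUT has
# no stateful ACCEPT. Only the stateful rule is checked; per-port --sport
# rules on OUTPUT are deliberately not considered.
replies_blocked() {
    printf '%s\n' "$1" | grep -Eq '^[^ ]+ -P OUTPUT DROP' || return 1
    case " $(stateful_chains "$1") " in
        *" OUTPUT "*) return 1 ;;
        *) return 0 ;;
    esac
}

report() {
    if replies_blocked "$2"; then
        echo "$1: replies dropped on OUTPUT"
    else
        echo "$1: replies allowed out"
    fi
}
report "state rule on INPUT only" "$RULES_INPUT_ONLY"
report "state rule on INPUT and OUTPUT" "$RULES_BOTH"
```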

