Hello,
Using connection tracking, you can define common rules for ongoing
traffic on top of your rule set:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
and then add specific rules for any required services, e.g.:
iptables -A OUTPUT -o eth0 -p tcp --sport $UNPRIVPORTS \
-d pop.mail.yahoo.co.uk --dport 110 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport $UNPRIVPORTS \
-d pop.1and1.fr --dport 110 -m state --state NEW -j ACCEPT
--
Regards,
Kozlov Andrey.
I have got some iptables rules such as:
Code:
iptables -A OUTPUT -o eth0 -p tcp -d pop.mail.yahoo.co.uk --dport 110 \
--sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d pop.1and1.fr --dport 110 \
--sport $UNPRIVPORTS -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s pop.mail.yahoo.co.uk --sport 110 \
--dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s pop.1and1.fr --sport 110 \
--dport $UNPRIVPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
and I would like to put them on only two lines. I glanced at the man
page but I have not found anything of interest.
Is that possible?
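
The rule layout suggested in the reply, written out as a script. This is an added example, not part of the original thread. Assumptions: the UNPRIVPORTS value 1024:65535, the APPLY switch and the helper names run and build_rules are hypothetical, and the script uses -m conntrack --ctstate, the current form of the -m state --state match shown in the thread.

```shell
#!/bin/sh
# Added example: consolidated connection-tracking rule set.
# Prints the commands by default; set APPLY=1 (as root) to execute them.

# Assumed value: the thread uses $UNPRIVPORTS but never defines it.
UNPRIVPORTS="${UNPRIVPORTS:-1024:65535}"
# Hosts and interface taken from the thread.
POP_HOSTS="pop.mail.yahoo.co.uk pop.1and1.fr"
IFACE="eth0"

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

build_rules() {
    # Generic rules go first: every packet that belongs to a connection
    # already accepted matches here, in either direction, so no per-host
    # INPUT rule is needed for the replies.
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Only the first packet of a connection (state NEW) needs a
    # service-specific rule: one line per POP3 server.
    # Host names are resolved once, when the rule is inserted; if a name
    # has several addresses, iptables adds one rule per address.
    for host in $POP_HOSTS; do
        run iptables -A OUTPUT -o "$IFACE" -p tcp --sport "$UNPRIVPORTS" \
            -d "$host" --dport 110 -m conntrack --ctstate NEW -j ACCEPT
    done
}

build_rules
```

The generic rules carry no -p tcp restriction, so they also accept RELATED packets such as ICMP errors belonging to these connections, which the original per-host tcp rules would not match.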