On Tue, 08 Mar 2011 23:35:03 -0800, erikmccaskey64 <[email protected]>
wrote:
>
> it's a normal desktop machines iptables firewall:
>
>
> If i want to block udp on dport 80 on the output chain, then is this enough?
> i want to only allow tcp on it!
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>
The only allowed outgoing traffic is on the $PUBIF interface for tcp and udp port 80.
On all other interfaces all outgoing traffic is blocked.
>
> or i need this rule?
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>
The only allowed outgoing traffic is on the $PUBIF interface for tcp port 80.
On all other interfaces all outgoing traffic is blocked.
I may be mistaken, but such hard rules could cause serious problems. I think
that even DNS name resolution would not work anymore (you cannot send out DNS
queries).
Essentially you could only browse websites on port 80 using IP numbers instead
of server names.
--
Virgo Pärna
[email protected]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
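The rule sets discussed above, as an added example that is not part of the thread or of Debian's own documentation. One caveat first: iptables loads the tcp/udp match that provides --dport only when -p tcp or -p udp is given, so the first rule set (no -p) is rejected with "unknown option" when loaded rather than matching both protocols. The script below keeps the intended TCP-80-only policy on the public interface and adds the allows a desktop needs so that DNS, loopback and already-accepted connections keep working. PUBIF, the IPT command variable, the --dry-run/--apply flags and the check_rules helper are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: an OUTPUT chain that permits
# only TCP port 80 on the public interface without breaking name resolution.
# Assumed names: PUBIF (public interface) and IPT (the iptables command);
# set IPT=echo or pass --dry-run to print the rules instead of loading them.
set -eu

PUBIF="${PUBIF:-eth0}"
IPT="${IPT:-iptables}"

# The rule from the first question, kept only to show why it fails: --dport
# belongs to the tcp/udp match, which iptables loads only after -p tcp/-p udp,
# so this line is rejected at load time instead of matching both protocols.
broken_rule() {
    printf '%s\n' "-A OUTPUT -o $PUBIF --dport 80 -j ACCEPT"
}

# Working policy: default DROP, then explicit allows in order.
apply_output_rules() {
    $IPT -P OUTPUT DROP
    $IPT -F OUTPUT
    # Local traffic (a caching resolver, X11, local daemons) must not be cut off.
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Replies on connections the INPUT chain already accepted (e.g. inbound SSH).
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS: UDP for ordinary queries, TCP for truncated or large answers.
    $IPT -A OUTPUT -o "$PUBIF" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$PUBIF" -p tcp --dport 53 -j ACCEPT
    # HTTP over TCP only; UDP to port 80 matches no rule and hits the DROP policy.
    $IPT -A OUTPUT -o "$PUBIF" -p tcp --dport 80 -j ACCEPT
}

# Sanity check on a rule listing (output of "iptables -S OUTPUT" or of a dry
# run): every --dport rule must name a protocol, and UDP DNS must be allowed.
check_rules() {
    rules="$1"
    if printf '%s\n' "$rules" | grep -v -- '-p tcp' | grep -v -- '-p udp' \
            | grep -q -- '--dport'; then
        echo "a --dport rule lacks -p tcp or -p udp" >&2
        return 1
    fi
    if ! printf '%s\n' "$rules" | grep -- '-p udp' | grep -q -- '--dport 53'; then
        echo "no UDP DNS rule: name resolution will break" >&2
        return 1
    fi
    return 0
}

case "${1:-}" in
    --dry-run) IPT=echo; apply_output_rules ;;
    --apply)   apply_output_rules ;;
esac
```

Loading the rules needs root; `sh firewall.sh --dry-run` prints them without touching the firewall, and check_rules can be fed the output of `iptables -S OUTPUT` on a live machine to confirm the DNS allow is actually present before relying on the DROP policy.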