[EMAIL PROTECTED] wrote:
> I locked down my laptop with a firewall script to only allow port 80.
> I noticed that only the text gets downloaded from ucsd.edu.
> It seems that the graphics from ucsd.edu could not get
> through my firewall.
> Do web sites now send JPEGs in parallel with the text on a different port or something?
> chris

If we're talking iptables here, did you also allow established and related connections? In iptables, the rule for an interface would be:

iptables -A INPUT -i [interfacename] -s [allowed_addresses] -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

If you want to allow anyone to connect on port 80, omit the -s[interfacename] stipulation.
If you only allow new connections, incoming images, which might come from a different server but be related to an existing connection, will be dropped because they won't match a rule allowing just new connections.
Only thing I can think of.
Robert Donovan

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
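As an added example (not part of either poster's message), the function below prints a client-side ruleset for a laptop that may only browse on port 80, in a "new-only" form and a "stateful" form that also accepts reply packets. The function name, the `eth0` interface, the dry-run default and the DNS rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names (web_client_rules, eth0) are assumptions, not from the thread.
#
# Usage: web_client_rules <mode> <interface> [command]
#   mode     "new-only": only NEW packets are accepted, so replies are dropped
#            "stateful": replies to connections the laptop opened are accepted
#   command  defaults to "echo iptables" (dry run, prints the rules);
#            pass "iptables" as root to apply them.
web_client_rules() {
    mode=$1
    ifc=$2
    ipt=${3:-echo iptables}

    case $mode in
        new-only) out_states=NEW ;;
        stateful) out_states=NEW,ESTABLISHED ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    [ -n "$ifc" ] || { echo "interface required" >&2; return 2; }

    # Default-deny in both directions, but leave loopback alone.
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT

    # Outbound HTTP: the first packet of each connection is NEW,
    # every later packet of that connection is ESTABLISHED.
    $ipt -A OUTPUT -o "$ifc" -p tcp --dport 80 \
        -m state --state "$out_states" -j ACCEPT

    # Assumption: names are resolved over UDP port 53.
    $ipt -A OUTPUT -o "$ifc" -p udp --dport 53 \
        -m state --state "$out_states" -j ACCEPT

    if [ "$mode" = stateful ]; then
        # Replies arrive with source port 80 and an ephemeral destination
        # port, so a "--dport 80" INPUT rule never matches them. Match on
        # connection state instead of on port numbers.
        $ipt -A INPUT -i "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT
    fi
}
```

In the stateful form, each image fetch is its own outbound connection to port 80, and its replies match ESTABLISHED whichever server they come from; RELATED covers associated traffic such as ICMP errors for a tracked connection.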
