-A FORWARD -s $NET -p tcp --dport 80 -j ACCEPT
-A FORWARD -d $NET -p tcp --sport 80 -j ACCEPT
This means: accept packets to the internet if the source is my net (example 192.168.0.0/16) and the destination port is 80 (ACCEPT).
Accept packets to my network if the source port is 80 (the remote server is going to transmit on 80).
email:
Port 110 is POP; I don't remember IMAP.
Same rules, change the port.
If the mail is webmail you don't need to open ports.
Media: well, you have to go to the Windows Media Player FAQ, the RealAudio FAQ, etc., because I don't remember right now.
Then for the last RULE:
-A FORWARD -s $NET -j DROP
That means: deny any packet for my net.
Of course iptables is going to read rule by rule until the packet matches one; the general drop is used to drop any other ports.
If you want to drop Messenger you have to install Squid, because when Messenger does not have a connection through its original port it then uses 80.
Greetings
Rick
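
Added example, not part of Rick's post: a small shell function that writes the rules described above in iptables-restore format, one ACCEPT pair per allowed TCP port with the catch-all DROP last. The function name, the sample network and the port list are assumptions for illustration; 143 is the standard IMAP port, which the post does not give.

```shell
#!/bin/sh
# Added example: emit the post's FORWARD rules in iptables-restore format.
# NET and the port list below are sample values (constructed).

# forward_rules NET PORT...
# Prints an ACCEPT pair per TCP port, then the final DROP for everything else.
forward_rules() {
    net=$1
    shift
    # Validate every port before printing anything, so a typo never
    # produces a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    echo '*filter'
    for port in "$@"; do
        # outbound: LAN client -> remote server port
        echo "-A FORWARD -s $net -p tcp --dport $port -j ACCEPT"
        # return traffic: remote server port -> LAN client
        echo "-A FORWARD -d $net -p tcp --sport $port -j ACCEPT"
    done
    # iptables stops at the first matching rule, so the general DROP goes last
    echo "-A FORWARD -s $net -j DROP"
    echo 'COMMIT'
}

# 80 = web, 110 = POP3, 143 = IMAP
forward_rules 192.168.0.0/16 80 110 143
```

Piping the output to `iptables-restore --test` as root checks the syntax without loading the rules.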