Hi all,

The "#" was removed; so was the following line:

# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT

I do not have any rules set up for OUTPUT.

Thanks,
--TongKe

On Thu, 30 Sep 2004 07:31:18 -0500 (EST), Mike Burger <mburger@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, 29 Sep 2004, TongKe Xue wrote:
>
> > Hi all,
> >
> > I'm using the iptables config from:
> > http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html
> >
> > Now, when I try that, apparently KDE and GNOME both refuse to start
> > -- do they run some kind of server and then connect to it? How can I
> > fix this?
> >
> > (Worked fine on RH9; but apparently refuses to work on FC2).
> >
> > To make it easier to respond; the section I'm referring to is:
> >
> > --BEGIN QUOTE--
> > ## Insert connection-tracking modules (not needed if built into kernel).
> > # insmod ip_conntrack
> > # insmod ip_conntrack_ftp
> >
> > ## Create chain which blocks new connections, except if coming from inside.
> > # iptables -N block
> > # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> > # iptables -A block -j DROP
> >
> > ## Jump to that chain from INPUT and FORWARD chains.
> > # iptables -A INPUT -j block
> > --END QUOTE--
>
> Just a quick note...I'm hoping that you realize that if you have that
> exact snippet in your firewall script, there's nothing going on, at
> all...all of the lines starting with # are effectively commented out.
>
> --
> Mike Burger
> http://www.bubbanfriends.org
>
> Visit the Dog Pound II BBS
> telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
>
> To be notified of updates to the web site, visit
> http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
> message to:
>
> site-update-request@xxxxxxxxxxxxxxxxx
>
> with a message of:
>
> subscribe
>

--
Knowledge is freedom. Read http://watchtower.org