Re: how to only allow tcp on dport 443 on the OUTPUT chain?



On 03/19/2011 02:19 PM, Bill Davidsen wrote:
> erikmccaskey64 wrote:
>> it's a normal desktop machine's iptables firewall:
>> If I want to block udp on dport 80 on the output chain, then is this
>> enough? I want to only allow tcp on it!
>> iptables -P OUTPUT DROP
>> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>> or do I need this rule?
>> iptables -P OUTPUT DROP
>> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>> Is the second one the good one?
> You don't want to do that; if you block everything on OUTPUT, things like DHCP,
> ARP, ICMP, etc. fail. You would need pages of ACCEPT rules.
> iptables -A OUTPUT -p tcp ! --dport 80 -j REJECT
> Would at least block only tcp, although I bet you will find that you want to do
> mail and such. You are rapidly entering deep waters, I fear, but it's your machine.
Blocking output on port 80 will render your web browsers largely useless,
because web browsers send connection requests to web servers on port 80
using the TCP protocol.
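To compare the rule sets discussed in this thread without loading them on a live box, here is a small simulator added as an example (it is not code from the thread, from Fedora, or from iptables itself). It models iptables' first-match semantics with the chain policy as the fallback and runs each rule set against a few constructed outgoing packets. The `-o $PUBIF` interface match is left out, the sample traffic is constructed, and `Packet`, `Rule`, `verdict` and the policy names are my own; the check that `--dport` is refused without `-p tcp`/`-p udp` mirrors what iptables does when loading the first rule from the original question.

```python
"""Simulator for the OUTPUT-chain rule sets discussed in the thread.

Added example, not from the mailing-list post: models iptables matching
(first matching rule wins, the chain policy applies when nothing matches)
on constructed packets so the effect of each policy can be compared.
"""
from dataclasses import dataclass
from typing import Optional

ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # None for protocols without ports (icmp)
    label: str             # what the packet is for, e.g. "http"


@dataclass(frozen=True)
class Rule:
    target: str                    # -j ACCEPT / DROP / REJECT
    proto: Optional[str] = None    # -p tcp / -p udp / -p icmp, None = any
    dport: Optional[int] = None    # --dport N (needs -p tcp or -p udp)
    negate_dport: bool = False     # ! --dport N

    def __post_init__(self):
        # iptables refuses --dport unless a port-carrying protocol was
        # selected with -p, so the first rule in the question never loads.
        if self.dport is not None and self.proto not in ("tcp", "udp"):
            raise ValueError("--dport requires -p tcp or -p udp")

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None:
            hit = pkt.dport == self.dport
            return (not hit) if self.negate_dport else hit
        return True


def verdict(rules, policy: str, pkt: Packet) -> str:
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# Constructed sample of what a desktop sends out.
TRAFFIC = [
    Packet("tcp", 80, "http"),
    Packet("tcp", 443, "https"),
    Packet("udp", 80, "udp-to-80"),
    Packet("udp", 53, "dns"),
    Packet("udp", 67, "dhcp"),
    Packet("icmp", None, "ping"),
]


def evaluate(rules, policy: str) -> dict:
    return {pkt.label: verdict(rules, policy, pkt) for pkt in TRAFFIC}


# Second rule set from the question: policy DROP, accept only tcp/80.
def question_policy() -> dict:
    return evaluate([Rule(ACCEPT, proto="tcp", dport=80)], DROP)


# Bill's suggestion: reject tcp to anything but 80, leave other protocols alone.
def reject_other_tcp_policy() -> dict:
    return evaluate([Rule(REJECT, proto="tcp", dport=80, negate_dport=True)], ACCEPT)


# The "pages of ACCEPT rules" route: policy DROP plus the essentials
# named in the thread (DNS and DHCP over udp, ICMP) alongside tcp/80.
def default_drop_with_essentials() -> dict:
    rules = [
        Rule(ACCEPT, proto="udp", dport=53),
        Rule(ACCEPT, proto="udp", dport=67),
        Rule(ACCEPT, proto="icmp"),
        Rule(ACCEPT, proto="tcp", dport=80),
    ]
    return evaluate(rules, DROP)


def invalid_rule_rejected() -> bool:
    """The first rule in the question (--dport without -p) is refused."""
    try:
        Rule(ACCEPT, dport=80)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("bare --dport refused:", invalid_rule_rejected())
    for name, fn in [("question", question_policy),
                     ("reject-other-tcp", reject_other_tcp_policy),
                     ("drop+essentials", default_drop_with_essentials)]:
        print(f"{name:18} {fn()}")
```

Running it shows the trade-off the thread describes: the default-DROP policy with a single tcp/80 ACCEPT also drops DNS, DHCP and ping, the REJECT-other-tcp rule leaves udp and icmp untouched (so udp to port 80 still goes out), and a default-DROP chain only becomes usable once the essential protocols get their own ACCEPT rules.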

users mailing list