On 03/19/2011 02:19 PM, Bill Davidsen wrote: > erikmccaskey64 wrote: >> it's a normal desktop machines iptables firewall: >> >> If i want to block udp on dport 80 on the output chain, then is this >> enough? i want to only allow tcp on it! >> iptables -P OUTPUT DROP >> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT >> >> or i need this rule? >> iptables -P OUTPUT DROP >> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT >> >> the second one is the good one? >> > You don't want to do that, if you block everything on OUTPUT things like DHCP, > ARP, ICMP, etc, fail. You would need pages of ACCEPT rules. > > iptables -A OUTPUT -p tcp ! --dport 80 -j REJECT > > Would at least block only tcp, although I bet you will find that you want to do > mail and such. You are rapidly entering deep waters, I fear, but it's your machine. > Blocking output on port 80 will render your web browsers largely useless, because web browsers send connection requests to web servers on port 80 using the TCP protocol. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
