iptables
#1

How can I stop everything other than web and DNS from my computer with iptables?

I just thought I could use the following:

iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -P OUTPUT DROP

But with this I can't surf the web at all...

-george

#2

When you visit some website you open some random high port (>1023) on your side (source port) and connect to the specified port (in general 80/tcp) on the server side (destination port). Your rules only allow outgoing connections whose source port is 80 - that will never ever happen. So go and use '--dport' (destination port) instead of '--sport' (source port). :)

z0ny

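The corrected rule set z0ny describes, as an added example that is not code from either poster: it matches on --dport instead of --sport, and additionally allows loopback, conntrack replies, HTTPS (443) and DNS over TCP, which are assumptions beyond what the question asked for. Without an argument it only prints the commands; with "apply" it executes them (root required).

```shell
#!/bin/sh
# Added example: egress-only policy allowing web and DNS out of this host.
# Assumes a Linux box with iptables and the conntrack match available.
# Usage: sh egress.sh          -> dry run, prints the iptables commands
#        sh egress.sh apply    -> runs them (needs root)

# Emit the rules, one iptables command per line. Every port match is a
# destination port (--dport): the client picks a random high source port.
egress_rules() {
    cat <<'EOF'
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -P OUTPUT DROP
EOF
}

# Guard against the mistake from post #1: an OUTPUT allow-list keyed on
# --sport never matches a browser's connection, so reject such rule sets.
check_no_sport() {
    ! egress_rules | grep -q -- '--sport'
}

# Dry run by default; "apply" executes each line as a command.
run_egress() {
    check_no_sport || { echo "refusing: rule set matches --sport" >&2; return 1; }
    if [ "$1" = "apply" ]; then
        egress_rules | while IFS= read -r cmd; do $cmd; done
    else
        egress_rules
    fi
}

run_egress "$@"
```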

