iptables and OUTPUT policy
Hello,
Are the following iptables rules wrong?
Code:
-P INPUT ACCEPT
Wrong for what? With a default accept output, you are only blocking tcp/40 outbound, which I can't see a practical application for.
Quote:
Thank you so much for your reply. Not really. I have only allowed exit to port 40 and other ports are blocked.
Hello,
No idea? Thanks.
Quote:
Thank you so much for your reply.
1- How can I solve it? I want the server to be able to send data only to port number 40.
2- Is the following rule also wrong? I just want a specific IP address to be able to connect to port 20.
Code:
-A INPUT -s "IP" -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
If you want to block by default, you should set the default policy to block.
Code:
iptables -P OUTPUT DROP
Quote:
Thank you so much for your reply. Why did you change DROP to ACCEPT in the second rule?
Because the default policy is already DROP and everything is dropped by default. If you don't make any exception, nothing is allowed and you wanted tcp/40.
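As an added example (not code posted in the thread), the script below classifies an OUTPUT chain given in `iptables -S` format, comparing the default-ACCEPT setup the replies describe with a default-DROP one. Both rule sets are constructed samples, and the loopback and ESTABLISHED,RELATED rules are assumptions of this example, not rules anyone in the thread posted.

```shell
#!/bin/sh
# Added example, not from the thread. The rule sets are constructed samples
# in `iptables -S` format; nothing here touches the live firewall.

# What the replies describe: default ACCEPT with one DROP rule for tcp/40.
rules_before() {
cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 40 -j DROP
EOF
}

# Default deny with tcp/40 as the exception. The loopback and ESTABLISHED
# rules are this example's assumptions: without the latter, replies to the
# allowed inbound port-20 connection would hit the DROP policy.
rules_after() {
cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 40 -j ACCEPT
EOF
}

# audit_chain CHAIN: read `iptables -S` lines on stdin and print how the
# chain behaves for traffic that matches no rule.
audit_chain() {
    awk -v chain="$1" '
        $1 == "-P" && $2 == chain { policy = $3 }
        $1 == "-A" && $2 == chain {
            tgt = ""
            for (i = 3; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
            if (tgt == "DROP" || tgt == "REJECT") blocks++
            if (tgt == "ACCEPT" && $0 ~ /--ctstate [A-Z,]*ESTABLISHED/) replies = 1
        }
        END {
            if (policy == "ACCEPT") print (blocks ? "default-allow" : "allow-all")
            else if (policy == "DROP") print (replies ? "default-deny" : "default-deny,no-replies")
            else print "unknown"
        }'
}

rules_before | audit_chain OUTPUT   # default-allow: only tcp/40 is blocked
rules_after  | audit_chain OUTPUT   # default-deny: only listed traffic leaves
```

On a live host the same function can read the real chain with `iptables -S OUTPUT | audit_chain OUTPUT`.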