Here's what I've used in the past. It allows connections for certain ports/places and then drops everything else as the last item. http://linux.duke.edu/~skvidal/misc/iptables-template it's pretty painless, really. If we want to add explicit outbound rules, too, that's fine, but I'd advise enabling logging b/c that stuff is easy to get wrong. :) This is just a sample but it's simple and straightforward. -sv
Attachment:
signature.asc
Description: This is a digitally signed message part
