Hello all,

Thanks a lot for the mails. Well, I will reply to all the mails but first
here is some more info/problem :)

I tried this script on my dummy server. But I faced 3 problems.

1. I could not ping to any ip/domain name.
   I got an error that ping: operation not permitted, even though I had not
   specifically told it to drop ICMP.

2. I could not resolve host names, even though I had rules for port 53 like

   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
   iptables -A INPUT -i eth0 -p tcp --dport 953 -j ACCEPT
   iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
   iptables -A INPUT -i eth0 -p udp --dport 953 -j ACCEPT
   iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
   iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT

   iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A OUTPUT -i eth0 -p tcp --sport 53 -j ACCEPT
   iptables -A OUTPUT -i eth0 -p udp --sport 53 -j ACCEPT
   iptables -A OUTPUT -i eth0 -p tcp --dport 953 -j ACCEPT
   iptables -A OUTPUT -i eth0 -p udp --dport 953 -j ACCEPT

   I am using BIND 9.1.3

3. If I give an OUTPUT rule, e.g.,

   iptables -A OUTPUT -i eth0 -p tcp --sport 21 -j ACCEPT

   I get an error saying I cannot specify -i eth0. It works properly when
   I remove -i eth0. Is it OK?

I have all the default policies of INPUT, OUTPUT and FORWARD set to drop.

Thanks a lot for helping me out and bye
-Payal
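
An added example, not part of the original message: a small shell lint for the situation in point 3, where a rule names an input interface (-i) in a chain that only sees outgoing packets. The function names check_rule and lint_rules and the sample rules are constructed for illustration; the check relies on iptables accepting -i only in INPUT, FORWARD and PREROUTING, and -o only in OUTPUT, FORWARD and POSTROUTING.

```sh
#!/bin/sh
# Added example (not from the original post): flag iptables rules whose
# interface flag cannot match in the chain they are appended to.

# check_rule "<iptables command line>"
# Returns 1 and prints a diagnostic when the rule pairs -i with OUTPUT or
# POSTROUTING, or -o with INPUT or PREROUTING. Returns 0 otherwise.
check_rule() {
    chain="" has_in=0 has_out=0 prev=""
    # Deliberate word splitting: the rules checked here contain no quoting
    # or glob characters.
    for word in $1; do
        case "$prev" in
            -A|-I|-C|-D|--append|--insert|--check|--delete) chain="$word" ;;
        esac
        case "$word" in
            -i|--in-interface)  has_in=1 ;;
            -o|--out-interface) has_out=1 ;;
        esac
        prev="$word"
    done
    case "$chain" in
        OUTPUT|POSTROUTING)
            [ "$has_in" -eq 0 ] && return 0
            echo "bad: $chain has no input interface, use -o: $1"
            return 1 ;;
        INPUT|PREROUTING)
            [ "$has_out" -eq 0 ] && return 0
            echo "bad: $chain has no output interface, use -i: $1"
            return 1 ;;
    esac
    return 0
}

# lint_rules: read one rule per line on stdin, print diagnostics on stderr
# and the number of rejected rules on stdout.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        check_rule "$line" >&2 || bad=$((bad + 1))
    done
    echo "$bad"
}

# Constructed sample: two rules shaped like the posted ones, then the -o form.
lint_rules <<'EOF'
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -i eth0 -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --sport 53 -j ACCEPT
EOF
```
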