Probably because yahoo.com lies in your local DNS cache or on a cache server behind your firewall.

Add

iptables -A OUTPUT -p tcp --destination-port domain -j ACCEPT
iptables -A OUTPUT -p udp --destination-port domain -j ACCEPT

also. You should also open up RELATED ICMP to minimize delay for errors.

hth,
Kjetil Laasby.

> All:
>
> I am running directly off the firewall box. I currently have the
> following:
>
> iptables -P OUTPUT ACCEPT
>
> When I change to this:
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -p tcp --destination-port http -j ACCEPT
>
> I keep getting "domainname can not be found. Please check the name and
> try again" from my browser. This only happens for new web sites (i.e.,
> Yahoo works fine). As this seems somewhat like a DNS issue, I tried
> adding this:
>
> iptables -A OUTPUT -p tcp --destination-port nameserver -j ACCEPT
>
> but it didn't work. Any ideas? Thanks.
>
> Neil Hodge
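
The rules from this thread collected into one script, as an added example that is not part of the original messages. In /etc/services `nameserver` is port 42 while `domain` is port 53, so numeric ports are used here; the `IPT` variable, the function names and the conntrack form of the RELATED ICMP rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: default-deny OUTPUT chain with HTTP and DNS egress allowed.
# IPT defaults to a dry run that prints each command; run as root with
# IPT=iptables to apply. (IPT and the function names are this example's own.)
IPT="${IPT:-echo iptables}"

output_rules() {
    # Drop anything not explicitly allowed below.
    $IPT -P OUTPUT DROP
    # Web traffic, as in the original rule (http = port 80).
    $IPT -A OUTPUT -p tcp --destination-port 80 -j ACCEPT
    # DNS: "domain" is port 53. Queries normally use UDP; TCP is used
    # for large answers and for retries after a truncated reply.
    $IPT -A OUTPUT -p udp --destination-port 53 -j ACCEPT
    $IPT -A OUTPUT -p tcp --destination-port 53 -j ACCEPT
    # ICMP errors tied to tracked connections (assumed form of the
    # "RELATED ICMP" suggestion; the reply does not spell out the rule).
    $IPT -A OUTPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
}

# Reads rules on stdin (one per line, "-A OUTPUT ..." form) and returns 0
# only if both UDP and TCP egress to port 53 are accepted.
dns_egress_allowed() {
    rules=$(cat)
    for proto in udp tcp; do
        printf '%s\n' "$rules" |
            grep -Eq -- "-A OUTPUT -p $proto .*--(destination-port|dport) (53|domain) .*-j ACCEPT" ||
            return 1
    done
    return 0
}

# Dry run by default: prints the five commands.
output_rules
```

Piping the output of `iptables -S OUTPUT` into `dns_egress_allowed` checks a live ruleset the same way.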