Thank you Antony for your idea. But... if I set my OUTPUT to DROP, which ports and protocols can I set to ACCEPT to run nmap and allow scanning of other machines?

Thx

On Tue, 22 Oct 2002 19:31:42 +0100 Antony Stone <Antony@Soft-Solutions.co.uk> wrote:

> On Tuesday 22 October 2002 4:42 pm, antonio wrote:
>
> > Hi Everyone,
> >
> > Just a question:
> > I want to set up a firewall box with iptables in which I can use nmap.
> > Which ports/protocols can I set to ACCEPT and which to DROP?
>
> Do you mean you want to run nmap on a box also running netfilter, to scan
> other machines ?
>
> If so, set your OUTPUT policy to ACCEPT, set your INPUT policy to DROP with a
> single rule:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> and you'll be able to scan other machines and get the replies back, but
> anything new coming in to your machine will be blocked.
>
> If I didn't understand correctly what you wanted to do please give more
> details.
>
> Antony.
>
> --
>
> Which part of 'apt-get dist-upgrade' do you not understand ???
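Antony's ruleset from the quoted mail, written out as a complete iptables-restore file so the whole filter table is visible at once. This is an added example, not code from either poster: it keeps OUTPUT at ACCEPT as Antony suggests (the probes nmap sends do not reduce to a short list of ports, which is why the follow-up question above has no tidy answer), sets INPUT to DROP with the single ESTABLISHED,RELATED rule, and adds one rule the mail does not mention, accepting loopback traffic, without which local services on the firewall box stop working. FORWARD is deliberately left out (assumption: the box's routing policy is configured elsewhere). The script only generates the file; applying it with `iptables-restore` is a separate, root-only step.

```shell
#!/bin/sh
# Added example (not from the list thread): render the ruleset Antony
# described as an iptables-restore file for the filter table.
#   OUTPUT ACCEPT  -> nmap can emit any probe type (TCP flags, UDP, ICMP)
#   INPUT  DROP    -> nothing new reaches the box ...
#   ESTABLISHED,RELATED rule -> ... except replies to traffic we initiated,
#                     which is exactly what scan responses are to conntrack.
# The loopback rule is an addition beyond the quoted mail (assumption that
# local services such as a resolver need it). FORWARD is not listed, so
# iptables-restore leaves that chain's policy alone (assumption: the box's
# forwarding policy is managed separately).

gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# write_rules FILE: write the ruleset and sanity-check the default policies.
# Apply later (as root) with:  iptables-restore < FILE
write_rules() {
    file="$1"
    gen_rules > "$file"
    grep -q '^:INPUT DROP' "$file" && grep -q '^:OUTPUT ACCEPT' "$file"
}

# count_input_accepts FILE: how many ACCEPT rules sit in INPUT (expect 2:
# loopback plus the ESTABLISHED,RELATED rule; anything more deserves a look).
count_input_accepts() {
    grep -c '^-A INPUT .*-j ACCEPT$' "$1"
}

main() {
    out="${TMPDIR:-/tmp}/nmap-host.rules"
    write_rules "$out" && echo "wrote $out (apply with: iptables-restore < $out)"
}

main "$@"
```

Generating the file rather than running `iptables` commands one by one means the policy change and the ESTABLISHED,RELATED rule land atomically: with individual commands there is a window after `iptables -P INPUT DROP` in which even replies to the box's own traffic are dropped.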