On Mon, 2003-02-17 at 19:09, Joel Newkirk wrote:
>
> You have to accept connections TO port 80, not FROM port 80...
>
> Try these:
>
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> They will allow clients to connect and retrieve http documents, as well
> as allowing the very useful ICMP controls like source_quench
> fragmentation control and such that really make web browsing work
> properly, but no other communication in OR out is allowed by these
> rules. (assuming DROP policy on OUTPUT) Add appropriate ACCEPT rules
> to OUTPUT if the server needs to initiate connections for some reason.
>

source_quench (sounds like a fruit juice drink :p ) and all that is really important? Hmm, I had no idea such things existed (excuse my ignorance..newbie here). I'll make sure I add those rules... thanks heaps.
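The effect of the three quoted rules, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation with DROP policies on INPUT and OUTPUT. The connection-tracking state of each packet is supplied by hand (an assumption; netfilter derives it from its connection table), and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    chain: str                   # "INPUT" or "OUTPUT"
    proto: str                   # "tcp", "udp" or "icmp"
    state: str                   # "NEW", "ESTABLISHED", "RELATED" or "INVALID"
    dport: Optional[int] = None  # destination port, None for ICMP
    note: str = ""

# (chain, match, target) in the order the quoted rules were appended with -A.
RULES = [
    ("INPUT",  lambda p: p.proto == "tcp" and p.dport == 80, "ACCEPT"),
    ("INPUT",  lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    ("OUTPUT", lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),
]
# Assumed chain policies; the quoted message assumes DROP on OUTPUT.
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP"}

def verdict(pkt: Packet) -> str:
    """First matching rule in the packet's chain wins, else the chain policy."""
    for chain, match, target in RULES:
        if chain == pkt.chain and match(pkt):
            return target
    return POLICY[pkt.chain]

# Constructed sample traffic as seen by the web server.
SAMPLES = [
    Packet("INPUT", "tcp", "NEW", 80, "client SYN to the web server"),
    Packet("OUTPUT", "tcp", "ESTABLISHED", 40000, "server SYN/ACK and HTTP response"),
    Packet("INPUT", "icmp", "RELATED", None, "ICMP fragmentation-needed for that flow"),
    Packet("INPUT", "tcp", "NEW", 22, "unsolicited connection to another port"),
    Packet("OUTPUT", "udp", "NEW", 53, "server-initiated DNS lookup"),
]

def run():
    """Return (description, verdict) for every constructed sample packet."""
    return [(p.note, verdict(p)) for p in SAMPLES]

if __name__ == "__main__":
    for note, v in run():
        print(f"{v:6}  {note}")
```

The last sample is the case the quoted message points at: a connection the server initiates itself is dropped until a matching ACCEPT rule is added to OUTPUT.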