On Mon, 2003-02-17 at 08:43, Chris Barnes wrote:
> hi people i'm new to the list.
>
> anyway, I have a very simple firewall on a web server. I want to deny
> access to everything except the web server (port 80)
>
> i have set the policy on all chains to drop and i have added a rule to
> the input chain which says
>
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
>

It is --dport 80 if you want to allow packets with the destination port 80 to reach your webserver.

By the way, I hope you have not set PREROUTING and POSTROUTING to DROP, have you?

Cheers,

Ralf

--
Ralf Spenneberg
UNIX/Linux Trainer and Consultant, RHCE, RHCX
Waldring 34
48565 Steinfurt
Germany
Fon: +49(0)2552 638 755
Fax: +49(0)2552 638 757
Mobil: +49(0)177 567 27 40

Markt+Technik book: Intrusion Detection für Linux Server
IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror: http://honeynet.spenneberg.org
Snort Mirror: http://snort.spenneberg.org
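
An added example, not part of the original thread: a small Python model of first-match rule evaluation under a DROP policy, showing why the posted `--sport 80` rule never admits a client's request and why, with the OUTPUT policy also set to DROP as the post describes, the server's replies need their own rule. The `Packet` and `Rule` classes, `CLIENT_PORT` and the OUTPUT rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CLIENT_PORT = 40312  # constructed ephemeral source port of a browsing client

@dataclass(frozen=True)
class Packet:
    chain: str   # "INPUT" = addressed to this host, "OUTPUT" = sent by this host
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    chain: str
    proto: str
    target: str
    sport: Optional[int] = None   # None: option not given, any port matches
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.chain == p.chain and self.proto == p.proto
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if r.matches(pkt):
            return r.target
    return policy

def handshake_ok(rules):
    """True if both the client's SYN and the server's SYN/ACK are accepted."""
    syn = Packet("INPUT", "tcp", sport=CLIENT_PORT, dport=80)
    syn_ack = Packet("OUTPUT", "tcp", sport=80, dport=CLIENT_PORT)
    return verdict(rules, syn) == "ACCEPT" and verdict(rules, syn_ack) == "ACCEPT"

# iptables -A INPUT -p tcp --sport 80 -j ACCEPT   (rule as posted)
# Matches packets coming FROM port 80, whatever their destination port.
AS_POSTED = [Rule("INPUT", "tcp", "ACCEPT", sport=80)]
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT   (correction from the reply)
DPORT_ONLY = [Rule("INPUT", "tcp", "ACCEPT", dport=80)]
# Assumed addition: iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
# Needed because the OUTPUT policy is DROP as well.
BOTH_DIRECTIONS = DPORT_ONLY + [Rule("OUTPUT", "tcp", "ACCEPT", sport=80)]
```
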