I was referring to the book on Linux network administration by Olaf Kirch. The example gives "an organization having a firewall machine to allow internal users to be able to access WWW servers on the Internet but no other traffic to be passed". The iptables rules given are:

  iptables -F FORWARD
  iptables -P FORWARD DROP
  iptables -A FORWARD -m tcp -p tcp -s 0/0 --sport 80 -d 172.16.1.0/24 --syn -j DROP
  iptables -A FORWARD -m tcp -p tcp -s 172.16.1.0/24 --sport 80 -d 0/0 -j ACCEPT
  iptables -A FORWARD -m tcp -p tcp -d 172.16.1.0/24 --dport 80 -s 0/0 -j ACCEPT

I don't quite understand this...

Firstly, on the 2nd line, what is the -P? I guess it's the default policy, but I could have given it as iptables -A FORWARD -j DROP.

Secondly, on the 3rd line, why the -j DROP? I thought it should be ACCEPT.

Thirdly, since it says access the WWW servers on the Internet, why is it that on the 4th line the --sport is 80? The source doesn't necessarily have to be 80; it could be any unprivileged port. The --dport should in fact be 80.

And the last line also seems confusing to me, where the -d is the network IP.

Please help me / suggest.

Regards
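An added example, not from the post or from Kirch's book: a small model of FORWARD-chain matching (first matching rule wins, otherwise the -P policy applies) that traces the quoted rules, and a variant with the port matches on the last two rules swapped as the poster suggests (my reading, not the book's text), against three constructed packets. The 203.0.113.10 address is a documentation-range stand-in for an Internet web server, and 0/0 is written out as 0.0.0.0/0.

```python
from ipaddress import ip_address, ip_network

def match(rule, pkt):
    """True if every criterion present in the rule matches the packet (iptables semantics)."""
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    if "sport" in rule and pkt["sport"] != rule["sport"]:
        return False
    if "dport" in rule and pkt["dport"] != rule["dport"]:
        return False
    if "syn" in rule and pkt["syn"] != rule["syn"]:   # --syn: SYN set, ACK/RST/FIN clear
        return False
    return True

def forward(chain, policy, pkt):
    """Walk the chain in order; the first matching rule's target decides, else the policy."""
    for rule in chain:
        if match(rule, pkt):
            return rule["target"]
    return policy

# The three -A FORWARD rules exactly as quoted (after -P FORWARD DROP); 0/0 -> 0.0.0.0/0.
BOOK = [
    {"src": "0.0.0.0/0", "sport": 80, "dst": "172.16.1.0/24", "syn": True, "target": "DROP"},
    {"src": "172.16.1.0/24", "sport": 80, "dst": "0.0.0.0/0", "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "dst": "172.16.1.0/24", "dport": 80, "target": "ACCEPT"},
]

# Hypothetical variant: internal clients to --dport 80 out, --sport 80 replies back in,
# with the book's own --syn DROP rule first so servers cannot open connections inward.
SWAPPED = [
    {"src": "0.0.0.0/0", "sport": 80, "dst": "172.16.1.0/24", "syn": True, "target": "DROP"},
    {"src": "172.16.1.0/24", "dst": "0.0.0.0/0", "dport": 80, "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "sport": 80, "dst": "172.16.1.0/24", "target": "ACCEPT"},
]

# Constructed sample packets (not captured traffic).
PACKETS = {
    "client_syn":   {"src": "172.16.1.5", "sport": 40000, "dst": "203.0.113.10", "dport": 80, "syn": True},
    "server_reply": {"src": "203.0.113.10", "sport": 80, "dst": "172.16.1.5", "dport": 40000, "syn": False},
    "inbound_syn":  {"src": "203.0.113.10", "sport": 80, "dst": "172.16.1.5", "dport": 40000, "syn": True},
}

def trace(chain, policy="DROP"):
    """Verdict for each sample packet under the given chain and default policy."""
    return {name: forward(chain, policy, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    print("as quoted:", trace(BOOK))      # every packet, including the client's SYN, is dropped
    print("swapped:  ", trace(SWAPPED))   # client SYN and server reply pass; inbound SYN dropped
```

Under the rules as quoted, the client's outbound SYN matches nothing (no rule has --dport 80 with an internal source) and falls through to the DROP policy, which is the behaviour the third question is pointing at.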