On March 3, 2004 08:11 pm, Kevin Mulcahy wrote:
> Hi All
> I have a very simple set of rules, with default policy for INPUT being
> DROP and default OUTPUT being ACCEPT.
> However, I can't hit anything on the outside. I can't ping, ssh - nothing.
> When I flush everything I can see outside no problem.
> My script is:
>
> IPTABLES="/sbin/iptables"
> INTERFACE="eth0"
> SERVER="x.x.x.x"
> SSHA1="y.y.y.y"
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -A INPUT -i $INTERFACE -p tcp -s $SSHA1 -d $SERVER --dport 22 -j ACCEPT
> $IPTABLES -A INPUT -i $INTERFACE -p tcp -s $ALLIP -d $ALLIP --dport 80 -j ACCEPT
> $IPTABLES -A INPUT -i $INTERFACE -p tcp -s $ALLIP -d $ALLIP --dport 443 -j ACCEPT
> $IPTABLES -A INPUT -i $INTERFACE -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
> #Note - this appears to generate an error
> # iptables: No chain/target/match by that name
> # but would that affect OUTPUT ???
> $IPTABLES -A INPUT -i $INTERFACE -p ALL -j RETURN
>
> $IPTABLES -A OUTPUT -o $INTERFACE -p ALL -j ACCEPT

Remove the -p ALL from your established related line. Don't put one; it covers all.

In answer to the question you commented in there, YES it will. Your policy on input is DROP -- thus you are getting out, but nothing is getting BACK to you.

Alistair.

>
>
> Cheers
> Kev.
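
Added example, not part of the original thread or either poster's script: the same ruleset loaded so that a rejected rule stops the run, with the ESTABLISHED,RELATED rule added before the INPUT policy is switched to DROP. The helper names `rule` and `apply_rules`, the overridable variables, the placeholder addresses and the rule ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: load the thread's ruleset and stop at the first rejected rule.
# Every value below can be overridden from the environment (assumption).
IPTABLES="${IPTABLES:-/sbin/iptables}"
INTERFACE="${INTERFACE:-eth0}"
SERVER="${SERVER:-192.0.2.10}"    # constructed placeholder address
SSHA1="${SSHA1:-198.51.100.7}"    # constructed placeholder address

# Run one iptables command; report it and fail if it is rejected.
rule() {
    if ! $IPTABLES "$@"; then
        echo "FAILED: $IPTABLES $*" >&2
        return 1
    fi
}

# Hypothetical helper: returns 0 only if every rule was accepted.
apply_rules() {
    # Reply traffic first. If this rule does not load, an INPUT policy of
    # DROP discards the answers to the host's own outbound connections.
    rule -A INPUT -i "$INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    rule -A INPUT -i "$INTERFACE" -p tcp -s "$SSHA1" -d "$SERVER" --dport 22 -j ACCEPT || return 1
    # $ALLIP is never defined in the posted script, so these two rules
    # carry no source/destination match here.
    rule -A INPUT -i "$INTERFACE" -p tcp --dport 80 -j ACCEPT || return 1
    rule -A INPUT -i "$INTERFACE" -p tcp --dport 443 -j ACCEPT || return 1
    # Policies last: INPUT only becomes DROP once the accept rules exist.
    rule -P FORWARD DROP || return 1
    rule -P OUTPUT ACCEPT || return 1
    rule -P INPUT DROP || return 1
}

# Touch the live firewall only when asked: sh firewall.sh apply (needs root)
if [ "${1:-}" = "apply" ]; then
    apply_rules || { echo "ruleset incomplete, INPUT policy not changed" >&2; exit 1; }
fi
```

Running it with `IPTABLES="echo iptables"` prints the commands without changing the firewall.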