Re: Is outbound rule needed for http responses?


 



On Sunday 07 March 2004 9:37 pm, Adesina Adebiyi wrote:

> Hello gentle expert,
>
> I am trying to adapt the iptables firewall for my hosting server.  That is,
> http, https will be running on it to serve ecommerce clients.  I have
> adapted rules to allow tcp inbound services for port 80 and 443.  To be
> able to respond to the requesting clients, do I need corresponding tcp
> outbound services on port 80 and 443?

That depends on what your ruleset says.

If you DROP all OUTPUT packets, then of course your INPUT rules will do 
nothing useful, because replies won't get out.

If you allow ESTABLISHED,RELATED packets in OUTPUT, then people will get 
replies to whatever services you enable in INPUT (but the box itself will not 
be able to generate any NEW outbound connections, eg: DNS, unless you allow 
an OUTPUT rule for these).

I suggest you tell us your ruleset (either the iptables commands which set up 
the rules, or the output of "iptables -L -nv; iptables -L -t nat -nv", 
please, not the format created by iptables-save), and tell us what you want 
the ruleset to do, and we can help a bit more specifically.

Regards,

Antony.

-- 
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

                                                     Please reply to the list;
                                                           please don't CC me.
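
The case described in the reply above, written out as a ruleset. This is an added example, not part of the original message or the poster's configuration: the `IPT` dry-run variable and the `web_ruleset` function name are hypothetical, and state matching is done with the `conntrack` match.

```shell
#!/bin/sh
# Added example (constructed): default-DROP ruleset for a web host.
# IPT defaults to a dry run that prints each command; run with
# IPT=iptables as root to apply the rules instead.
IPT="${IPT:-echo iptables}"

web_ruleset() {
    # Default-deny in every chain, including OUTPUT.
    # When applying remotely, add a rule for your management access first.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback traffic.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Inbound: packets of already-tracked connections, then NEW
    # connections to the two services being offered.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp -m multiport --dports 80,443 \
         -m conntrack --ctstate NEW -j ACCEPT

    # Outbound: replies only. This one rule lets the HTTP and HTTPS
    # responses out; no OUTPUT rule naming port 80 or 443 is needed.
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Connections the box itself starts are NEW in OUTPUT and must be
    # allowed explicitly, e.g. DNS lookups.
    $IPT -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
}

web_ruleset
```

After applying, `iptables -L -nv` shows per-rule packet counters, which confirms that replies are leaving through the ESTABLISHED,RELATED rule in OUTPUT.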


