On Thu, 2004-09-23 at 16:45, Askar wrote:
> hi all
>
> what if I do (and I'm doing this from last two hours ;))
>
> iptables -A FORWARD -p tcp --dport 31000:65500 -j DROP
> iptables -A FORWARD -p udp --dport 31000:65500 -j DROP
>

uh...depending on your other rules--you could be dropping tons o' legitimate
traffic; i.e., inbound replies to your outbound requests.

how's about showing us:

  iptables -vnxL FORWARD

a better approach (in general) is to set the policy of FORWARD to DROP, and
only allow through that which you need to allow through.  it keeps you from
getting tempted to do what you just did, as well.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
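
Added example, not part of the original message or written by either poster: a small first-match model of the FORWARD chain in Python, showing why the two high-port DROP rules also discard replies to outbound requests (a reply's destination port is the client's ephemeral source port) and how a DROP policy with explicit allow rules behaves instead. The packets, the allowed services (tcp/80, udp/53) and the ESTABLISHED-state rule are assumptions chosen for illustration.

```python
# Minimal first-match model of the iptables FORWARD chain (illustration only).
# Rule dictionaries and packets below are constructed for this example.
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    dport: int   # destination port
    state: str   # conntrack state: "NEW" or "ESTABLISHED"

def forward(rules, policy, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if r.get("proto") not in (None, pkt.proto):
            continue
        lo, hi = r.get("dports", (0, 65535))
        if not lo <= pkt.dport <= hi:
            continue
        if "states" in r and pkt.state not in r["states"]:
            continue
        return r["target"]
    return policy

# The two rules from the quoted message, on a chain whose policy is ACCEPT.
BLOCK_HIGH_PORTS = [
    {"proto": "tcp", "dports": (31000, 65500), "target": "DROP"},
    {"proto": "udp", "dports": (31000, 65500), "target": "DROP"},
]

# Policy DROP with explicit allows. The services and the state rule are
# assumptions standing in for "that which you need to allow through".
DEFAULT_DROP = [
    {"states": {"ESTABLISHED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dports": (80, 80), "states": {"NEW"}, "target": "ACCEPT"},
    {"proto": "udp", "dports": (53, 53), "states": {"NEW"}, "target": "ACCEPT"},
]

web_request = Packet("tcp", 80, "NEW")           # outbound request
web_reply = Packet("tcp", 45123, "ESTABLISHED")  # reply to an ephemeral port
stray_high = Packet("tcp", 45123, "NEW")         # unsolicited high-port traffic

def verdicts(rules, policy):
    """Verdicts for (web_request, web_reply, stray_high), in that order."""
    return [forward(rules, policy, p) for p in (web_request, web_reply, stray_high)]

if __name__ == "__main__":
    print("high-port DROP, policy ACCEPT:", verdicts(BLOCK_HIGH_PORTS, "ACCEPT"))
    print("policy DROP with allow rules: ", verdicts(DEFAULT_DROP, "DROP"))
```
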