>> Would it be safe to set the OUTPUT default policy to ACCEPT? >> Every time I set it to DROP I get locked out, I suppose it >> has to do with the fact that I have no rules for the OUTPUT chain. > > A lot of people set OUTPUT policy to ACCEPT. > You can always do something like : Forgot an important rule.. : > $ipt -P OUTPUT DROP $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT > $ipt -A OUTPUT -p tcp --sport 1024: -j ACCEPT <...> Gr, Rob