Thibault Le Meur wrote: > Thanks for your reply, *nod* No problem. > You're right, but in fact I didn't give the whole configuration. The > iptables script is generated by Fwbuilder and the following lines are > relevant: > > # Default policy is to DROP everything > $IPTABLES -P OUTPUT DROP > $IPTABLES -P INPUT DROP > $IPTABLES -P FORWARD DROP > > # First accept any related, established packets > $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT > > # > # Then Rule 0 for the loopback interface > # > $IPTABLES -A INPUT -i lo -m state --state NEW -j ACCEPT > $IPTABLES -A OUTPUT -o lo -m state --state NEW -j ACCEPT > > I think the "# First accept any related, established packets" rules should > do the same as the proposed modification. > > Am I right? I would think so and agree with you on this one. I'm taking it that there is more to your script? If that is the case could we see the entire script or at the very least an output of iptables-save after your script has run? Grant. . . .
