OUTPUT chain, Source Port 80 ---> Destination Port Unprivileged

I've noticed that I occasionally have output packets on my webserver that
have source port 80 and a destination port > 1024 (I've recently seen 4911,
4912, 49440, 49521, and 50296).

My current OUTPUT policy drops outbound traffic except on ports that are
specifically allowed. The unprivileged ports are not currently allowed.

I've seen a few sample iptables rulesets that allow outbound traffic to
unprivileged ports from source port 80.

Can someone explain to me why this happens, or point me to an explanation
elsewhere?  Are there reasons to allow (or not to allow) such traffic, i.e.,
with a rule like:

iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR \
    --source-port 80 --destination-port 1024:65535 -j ACCEPT

?
-- 
Adam Rosi-Kessel
http://adam.rosi-kessel.org
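An added example, not from the original post or a list reply: it models the stateless rule quoted above next to a connection-tracking match of the form `-m conntrack --ctstate ESTABLISHED,RELATED`, using constructed addresses from the documentation ranges, and shows which outbound port-80 packets each one lets through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (INPUT chain) or "out" (OUTPUT chain)
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the connection-opening SYN


SERVER = "203.0.113.10"  # assumed web server address (constructed)


def stateless_allows(pkt: Packet) -> bool:
    """The rule from the post: -p tcp --sport 80 --dport 1024:65535 -j ACCEPT.
    It judges each packet alone: anything leaving port 80 for an
    unprivileged port matches, whether or not a client asked for it."""
    return pkt.direction == "out" and pkt.sport == 80 and 1024 <= pkt.dport <= 65535


class ConnTracker:
    """Minimal stand-in for netfilter connection tracking: an outbound packet
    counts as ESTABLISHED only if an inbound SYN already created the flow."""

    def __init__(self) -> None:
        self.flows = set()  # (client_ip, client_port, server_ip, server_port)

    def observe(self, pkt: Packet) -> None:
        if pkt.direction == "in" and pkt.syn:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def stateful_allows(self, pkt: Packet) -> bool:
        # Equivalent of: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        return pkt.direction == "out" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def classify(packets):
    """Run traffic through both models; returns (dport, stateless, stateful) per outbound packet."""
    tracker = ConnTracker()
    verdicts = []
    for pkt in packets:
        tracker.observe(pkt)
        if pkt.direction == "out":
            verdicts.append((pkt.dport, stateless_allows(pkt), tracker.stateful_allows(pkt)))
    return verdicts


# Constructed traffic: a client handshake (reply goes to the client's high port),
# then an outbound packet from port 80 that no client ever requested.
SAMPLE = [
    Packet("in", "198.51.100.7", 49521, SERVER, 80, syn=True),  # client SYN
    Packet("out", SERVER, 80, "198.51.100.7", 49521),           # server SYN-ACK
    Packet("out", SERVER, 80, "192.0.2.44", 4911),              # unsolicited
]
```

Running `classify(SAMPLE)` shows the reply to port 49521 passing both models, while the unsolicited packet to port 4911 passes only the stateless sport-80 rule.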
