-----Original Message-----
From: Bernd Petrovitsch [mailto:bernd@xxxxxxxxx]
Sent: 21 November 2006 10:13
To: Tim Edwards
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: (no subject)

> Yes. Just insert such a rule into the OUTPUT chain.

Ok I have the following rules but it still isn't cutting off existing connections:

#!/bin/bash

# First clear all rules
iptables -F
# Second delete all the extra (user-defined) chains
iptables -X

# Set policy on the default chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allow anything over loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow incoming ssh and http/s connections
iptables -A INPUT -p tcp -m tcp -m multiport --dports 22,80,443 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix="INPUT REJECT" --log-level=info
iptables -A INPUT -j REJECT

# Allow already established ssh and http/s connections back out through the firewall
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix="OUTPUT REJECT" --log-level=info
iptables -A OUTPUT -j REJECT

iptables -A FORWARD -j LOG --log-prefix="FORWARD REJECT" --log-level=info
iptables -A FORWARD -j REJECT
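The OUTPUT chain posted above accepts every conntrack state except INVALID (NEW, ESTABLISHED and RELATED), so the LOG and REJECT rules after it can never see a tracked packet, and any connection conntrack already knows about keeps matching ESTABLISHED. The script below is an added example, not code from the thread: it reads a ruleset as plain text (a constructed copy of the OUTPUT rules from the mail, plus an assumed tighter variant that accepts only ESTABLISHED,RELATED) and counts the rules that are shadowed by such a catch-all ACCEPT. It never invokes iptables, so it can be run anywhere to lint a saved ruleset before loading it.

```shell
#!/bin/sh
# Added example: find rules in a chain that are unreachable because an earlier
# unconditional ACCEPT on all tracked states (NEW,ESTABLISHED,RELATED) precedes them.
# Rulesets are handled as text; iptables itself is not called.

# Constructed copy of the OUTPUT chain from the mail.
mail_output_rules() {
  cat <<'EOF'
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix="OUTPUT REJECT" --log-level=info
iptables -A OUTPUT -j REJECT
EOF
}

# Assumed alternative (not proposed in the thread): accept only traffic that
# belongs to an existing connection, so new outbound connections fall through
# to the LOG and REJECT rules.
tighter_output_rules() {
  cat <<'EOF'
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix="OUTPUT REJECT" --log-level=info
iptables -A OUTPUT -j REJECT
EOF
}

# count_shadowed CHAIN: read "iptables -A CHAIN ..." lines on stdin and print
# how many rules come after a catch-all state ACCEPT in that chain.
# A rule counts as catch-all when it jumps to ACCEPT, names all three tracked
# states, and carries no interface, protocol, address or port match.
count_shadowed() {
  chain="$1"
  awk -v chain="$chain" '
    $1 == "iptables" && $2 == "-A" && $3 == chain {
      if (catchall) { shadowed++; next }
      if ($0 ~ /-j ACCEPT/ && $0 ~ /--state/ &&
          $0 ~ /NEW/ && $0 ~ /ESTABLISHED/ && $0 ~ /RELATED/ &&
          $0 !~ / -[iopsd] / && $0 !~ /--[sd]port/) {
        catchall = 1
      }
    }
    END { print shadowed + 0 }
  '
}

# Stand-alone demonstration: 2 shadowed rules in the posted chain, 0 in the variant.
printf 'mail ruleset, OUTPUT shadowed rules: %s\n' "$(mail_output_rules | count_shadowed OUTPUT)"
printf 'tighter ruleset, OUTPUT shadowed rules: %s\n' "$(tighter_output_rules | count_shadowed OUTPUT)"
```

The check only explains why the LOG/REJECT rules never fire; it does not by itself close connections that conntrack already tracks, because those packets still match ESTABLISHED under either ruleset until the entries expire or are flushed.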