On Tue, 2011-06-14 at 07:41 -0700, Ivan Matala wrote:
> In short, what rules to add to block other ports except ssh and ports 80, 3128.

Assuming you're using iptables to forward packets, something like:

iptables -A FORWARD -p tcp -m multiport --dports 22,80,3128 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP

Your email is not very clear, so it depends on whether you are trying to allow inbound connections or connections to external servers. You'll therefore need to change dports to sports as required. In the same vein you may also need to change FORWARD to INPUT.

Andy
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
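The reply above sketches the three rules by hand. What follows is an added example, not code from the thread or from the netfilter project: a small POSIX shell script that builds the same default-deny rule set for either chain, so the INPUT case (connections to the gateway itself) and the FORWARD case (LAN clients going out through the box) are handled without retyping the rules. It assumes iptables is installed, that the LAN-facing interface is named in LAN_IF (a hypothetical default of eth1, adjust to your box), and that when not run as root, or when DRY_RUN is set, the rules are printed instead of loaded so they can be reviewed first. Because the conntrack rule already accepts reply traffic, both directions match --dports on the allowed list; for FORWARD the direction is selected by the ingress interface rather than by swapping to --sports.

```shell
#!/bin/sh
# Added example: default-deny rule set allowing only SSH, HTTP and Squid
# (TCP 22, 80, 3128). Not from the original mailing-list post.
# Usage:  sh allow-ports.sh FORWARD        (gateway forwarding LAN clients)
#         sh allow-ports.sh INPUT          (services on the box itself)
#         DRY_RUN=1 sh allow-ports.sh INPUT FORWARD   (print, don't load)

ALLOWED_PORTS="${ALLOWED_PORTS:-22,80,3128}"
LAN_IF="${LAN_IF:-eth1}"   # assumed LAN interface name; hypothetical default

# Choose the command prefix: real iptables only when root and not dry-running,
# otherwise "echo iptables" so every rule is printed for review.
ipt_cmd() {
    if [ "$(id -u)" -eq 0 ] && [ -z "${DRY_RUN:-}" ]; then
        echo "iptables"
    else
        echo "echo iptables"
    fi
}

# Emit (or load) the rules for one chain: INPUT or FORWARD.
rules_for_chain() {
    chain="$1"
    IPT="$(ipt_cmd)"
    case "$chain" in
        FORWARD) iface="-i $LAN_IF" ;;   # only connections originating on the LAN
        INPUT)   iface="" ;;
        *) echo "unknown chain: $chain (use INPUT or FORWARD)" >&2; return 1 ;;
    esac

    # Conntrack first: replies and related packets (e.g. ICMP errors) pass
    # without re-evaluating the port list for every packet of a connection.
    $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Local services talk to themselves over loopback; a default-deny INPUT
    # chain without this rule breaks them.
    if [ "$chain" = INPUT ]; then
        $IPT -A INPUT -i lo -j ACCEPT
    fi

    # Only NEW connections to the allowed destination ports get through.
    # $iface is deliberately unquoted so an empty value adds no argument.
    $IPT -A "$chain" $iface -p tcp -m multiport --dports "$ALLOWED_PORTS" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Default deny as the chain policy rather than a trailing -j DROP rule,
    # so anything appended later by mistake is still dropped.
    $IPT -P "$chain" DROP
}

# Apply to each chain named on the command line; with no arguments do nothing,
# so the script can also be sourced to reuse the functions.
[ $# -eq 0 ] || for chain in "$@"; do rules_for_chain "$chain"; done
```

Run it once with DRY_RUN=1 and diff the printed rules against what iptables-save shows after loading; the conntrack rule must come before the port rule, and the policy line must be last.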