public inbox for gentoo-user@lists.gentoo.org
From: Hans-Werner Hilse <hilse@web.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] another iptables question...
Date: Tue, 28 Mar 2006 17:36:24 +0200
Message-ID: <20060328173624.107e15c2.hilse@web.de>
In-Reply-To: <a944a7520603280614r4d51eeadye63d6d88b671f8df@mail.gmail.com>

Hi,

On Tue, 28 Mar 2006 19:44:07 +0530 "Hiren Dave" <hiren2k4@gmail.com>
wrote:

> I did this:
> [...]
> #iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
> #iptables -A OUTPUT -j DROP
> [...]
> Still other users including root can ping other PCs. Why is this not
> working?

please post the output of "iptables -vnL". We're talking about users on
that PC, not those using it as a gateway/router/bridge/whatever,
correct?

> Also I have some difficulties understanding the Connection Tracking (NEW,
> ESTABLISHED, RELATED, INVALID) concept.

Those are protocol dependent. I really think that those are well
described even in the iptables man page. Basically, you'll want something like
this:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
and maybe the same for FORWARD. Of course, for FORWARD, you'll want to
match NEW,ESTABLISHED,RELATED for outgoing connections (well, or even
don't impose any restrictions for outgoing connections).

> Any practical guide available on internet for iptables???

Lots. What's "practical" depends on the problem faced, which you didn't
describe at all. So del.icio.us would be my first hint, Google follows:

http://del.icio.us/tag/netfilter
http://www.google.com/search?q=netfilter

(note that the concept is usually referred to as "netfilter")

-hwh
-- 
gentoo-user@gentoo.org mailing list
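The two rule shapes discussed in the reply above (an OUTPUT chain gated on the owner match, and INPUT accepting only ESTABLISHED,RELATED packets) combined into one host ruleset, as an added example that is not part of the thread. The script emits iptables-restore syntax so it can be inspected without touching the kernel; the interface name "eth0", the default uid 0, and the function names are assumptions of this example. One caveat worth knowing when a ruleset like this seems to let non-root users ping: the owner match keys on the uid that owns the socket, so on systems where ping is a setuid-root binary the raw socket is owned by uid 0 no matter which user ran it.

```shell
#!/bin/sh
# Added example, not code from the gentoo-user thread. Builds an
# iptables-restore ruleset for a single host that:
#   (a) lets processes whose socket is owned by one uid start new flows,
#   (b) drops every other local user's new outbound packets,
#   (c) admits inbound packets only when conntrack already knows the flow.
# Assumptions: iptables with the 'owner' and 'state' match modules;
# the interface name and uid below are constructed defaults.

# Print the ruleset. $1 = outbound interface (assumed "eth0"),
# $2 = uid allowed to originate traffic (default 0 = root).
build_ruleset() {
  iface=${1:-eth0}
  allowed_uid=${2:-0}
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to flows this host opened are recognised by conntrack state
-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot classify are dropped explicitly
-A INPUT -m state --state INVALID -j DROP
# only sockets owned by uid $allowed_uid may start a new flow
-A OUTPUT -o $iface -m owner --uid-owner $allowed_uid -m state --state NEW -j ACCEPT
# later packets of a flow that was accepted as NEW may continue
-A OUTPUT -o $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Number of -A rules the ruleset contains (comment lines are not counted).
rule_count() {
  build_ruleset "$@" | grep -c '^-A '
}

# Load the ruleset and show per-rule packet counters, which is the
# "iptables -vnL" output asked for in the thread. Needs root.
apply_ruleset() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "apply_ruleset: must run as root" >&2
    return 1
  fi
  build_ruleset "$1" "$2" | iptables-restore
  iptables -vnL
}

# Usage: ./ruleset.sh show [iface] [uid]   (prints the ruleset)
#        ./ruleset.sh apply [iface] [uid]  (loads it, as root)
case "${1:-show}" in
  show)  build_ruleset "$2" "$3" ;;
  apply) apply_ruleset "$2" "$3" ;;
esac
```

Reading the counters column of `iptables -vnL` after a test ping tells you which rule actually matched the packet, which is the first thing to check when a DROP rule appears to be ignored: a rule earlier in the chain that already accepted the packet will show its counter increasing instead.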



Thread overview: 3+ messages
2006-03-28 14:14 [gentoo-user] another iptables question Hiren Dave
2006-03-28 15:36 ` Hans-Werner Hilse [this message]
2006-03-30 14:22   ` Hiren Dave