From: Hans-Werner Hilse
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] another iptables question...
Date: Tue, 28 Mar 2006 17:36:24 +0200
Message-Id: <20060328173624.107e15c2.hilse@web.de>

Hi,

On Tue, 28 Mar 2006 19:44:07 +0530 "Hiren Dave" wrote:

> I did this:
> [...]
> #iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
> #iptables -A OUTPUT -j DROP
> [...]
> Still other users including root can ping other PCs. Why is this not
> working?
please post the output of "iptables -vnL". We're talking about users on
that PC, not those using it as a gateway/router/bridge/whatever, correct?

> Also I have some difficulties understanding Connection Tracking (NEW,
> ESTABLISHED, RELATED, INVALID) concept.

Those are protocol dependent. I really think that those are well
described even in the iptables man page. Basically, you'll want something
like this:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

and maybe the same for FORWARD. Of course, for FORWARD, you'll want to
match NEW,ESTABLISHED,RELATED for outgoing connections (well, or even
don't impose any restrictions for outgoing connections).

> Any practical guide available on internet for iptables???

Lots. That "practical" depends on the problem faced which you didn't
describe at all. So del.icio.us would be my first hint, Google follows:

http://del.icio.us/tag/netfilter
http://www.google.com/search?q=netfilter

(note that the concept is usually referred to as "netfilter")

-hwh
-- 
gentoo-user@gentoo.org mailing list
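The reply asks for "iptables -vnL" output because the per-rule packet and byte counters show which rule actually decided each packet, which is the fastest way to see why an OUTPUT chain like the one quoted above behaves unexpectedly. The following is an added example, not code from the thread or from the iptables project: a small Python parser for that output that lists the rules with non-zero counters. The sample output it parses is constructed to resemble the poster's two-rule OUTPUT chain plus the ESTABLISHED,RELATED rule the reply suggests; the counter values are invented, and the function names (parse_vnl, hit_rules, parse_counter) are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample of "iptables -vnL" output (not captured from the poster's
# machine). Counters are invented: a ruleset matching the thread's OUTPUT
# chain plus the INPUT state rule suggested in the reply.
SAMPLE_VNL = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  140 11200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Built-in chains print "(policy X N packets, N bytes)", user chains "(N references)".
CHAIN_RE = re.compile(
    r"^Chain (\S+) \((?:policy (\S+) (\S+) packets, (\S+) bytes|\d+ references)\)$"
)
HEADER_RE = re.compile(r"^\s*pkts\s+bytes\s+target\b")

# Without -x, iptables abbreviates large counters with decimal suffixes.
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def parse_counter(text: str) -> int:
    """Turn a -vnL counter such as '12K' into an integer."""
    if text[-1] in _SUFFIX:
        return int(text[:-1]) * _SUFFIX[text[-1]]
    return int(text)


@dataclass
class Rule:
    pkts: int
    nbytes: int
    target: str
    proto: str
    in_if: str
    out_if: str
    source: str
    dest: str
    match: str  # trailing match text, e.g. "owner UID match 0"


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    rules: List[Rule] = field(default_factory=list)


def parse_vnl(text: str) -> Dict[str, Chain]:
    """Parse "iptables -vnL" output into chains, preserving rule order."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or HEADER_RE.match(line):
            continue
        # Columns: pkts bytes target prot opt in out source destination [match...]
        # Assumes every rule has a target; a rule added without -j prints a
        # blank target column and would shift the fields.
        fields = line.split(None, 9)
        if len(fields) < 9:
            raise ValueError(f"unexpected rule line: {line!r}")
        match = fields[9].strip() if len(fields) > 9 else ""
        current.rules.append(Rule(
            parse_counter(fields[0]), parse_counter(fields[1]), fields[2],
            fields[3], fields[5], fields[6], fields[7], fields[8], match,
        ))
    return chains


def hit_rules(chains: Dict[str, Chain]) -> List[Tuple[str, int, str, str]]:
    """Rules whose packet counter is non-zero: the ones that decided traffic."""
    hits = []
    for chain in chains.values():
        for index, rule in enumerate(chain.rules, 1):
            if rule.pkts > 0:
                hits.append((chain.name, index, rule.target, rule.match))
    return hits


if __name__ == "__main__":
    for name, index, target, match in hit_rules(parse_vnl(SAMPLE_VNL)):
        print(f"{name} rule {index}: {target} {match or '(no match)'} counted packets")
```

Reading the result for the quoted OUTPUT chain: if the ACCEPT rule with "owner UID match 0" keeps counting while the DROP rule below it stays at zero even when a non-root user pings, then every packet reaching the chain carried UID 0 and the rules are behaving exactly as written. A general caveat, not from the thread: the owner match looks at the credentials of the socket that sent the packet, and ping is traditionally installed setuid root, so its raw socket is created as UID 0 regardless of who ran it.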