From: "Hiren Dave" <hiren2k4@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] another iptables question...
Date: Thu, 30 Mar 2006 19:52:46 +0530
Message-ID: <a944a7520603300622x1fa2e933u75e5afad9d0176c0@mail.gmail.com>
In-Reply-To: <20060328173624.107e15c2.hilse@web.de>
Hi,
> please post the output of "iptables -vnL". We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever, correct?
YES
Output of iptables -nvL is:

#iptables -nvL
Chain INPUT (policy ACCEPT 24 packets, 1440 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER UID match 0
    9   540 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
TnR
Hiren
On 3/28/06, Hans-Werner Hilse <hilse@web.de> wrote:
>
> Hi,
>
> On Tue, 28 Mar 2006 19:44:07 +0530 "Hiren Dave" <hiren2k4@gmail.com>
> wrote:
>
> > I did this:
> > [...]
> > #iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
> > #iptables -A OUTPUT -j DROP
> > [...]
> > Still other users including root can ping other PCs. Why is this not
> > working?
>
> please post the output of "iptables -vnL". We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever,
> correct?
>
> > Also I have some difficulties understanding the Connection Tracking (NEW,
> > ESTABLISHED, RELATED, INVALID) concept.
>
> Those are protocol dependent. I really think that those are well
> described even in iptables man page. Basically, you'll want sth like
> this:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> and maybe the same for FORWARD. Of course, for FORWARD, you'll want to
> match NEW,ESTABLISHED,RELATED for outgoing connections (well, or even
> don't impose any restrictions for outgoing connections).
>
> > Any practical guide available on internet for iptables???
>
> Lots. That "practical" depends on the problem faced which you didn't
> describe at all. So del.icio.us would be my first hint, Google follows:
>
> http://del.icio.us/tag/netfilter
> http://www.google.com/search?q=netfilter
>
> (note that the concept is usually referred to as "netfilter")
>
> -hwh
> --
> gentoo-user@gentoo.org mailing list
>
>
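Added example for this thread (not code from either poster): a small Python parser for `iptables -nvL` output, run over Hiren's posted listing, that checks the OUTPUT chain for the two things the exchange turns on: whether an ESTABLISHED,RELATED accept (the state rule Hans-Werner suggests) precedes the catch-all DROP, and whether the OWNER UID 0 rule is actually matching anything while the DROP counter climbs. The first listing is re-typed from the message above; the second, "hardened" listing is constructed to show what the check passes on. Regexes, function names and the finding texts are this example's own.

```python
"""Parse `iptables -nvL` output and audit the OUTPUT chain.

Added example for the gentoo-user iptables thread; the listings are embedded
so the script runs offline. Counters use iptables' K/M/G suffixes (1000-based).
"""
import re

# Listing posted in the thread (re-typed in the usual -nvL layout).
POSTED_LISTING = """\
Chain INPUT (policy ACCEPT 24 packets, 1440 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER UID match 0
    9   540 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Constructed listing: OUTPUT built the way the reply suggests, with replies to
# tracked connections accepted before the owner test and the final DROP.
HARDENED_LISTING = """\
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12  1008 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3   252 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER UID match 0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(
    r"^Chain (?P<name>\S+) \((?:policy (?P<policy>\S+) \S+ packets, \S+ bytes"
    r"|(?P<refs>\d+) references)\)$")
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+(?P<prot>\S+)"
    r"\s+(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)"
    r"(?:\s+(?P<extra>.*\S))?\s*$")


def _count(field):
    """Convert a -nvL counter ('540', '1440K') to an int."""
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}
    if field[-1] in mult:
        return int(field[:-1]) * mult[field[-1]]
    return int(field)


def parse_listing(text):
    """Return {chain: {"policy": str|None, "rules": [rule dicts in order]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group("policy"), "rules": []}
            chains[m.group("name")] = current
            continue
        m = RULE_RE.match(line)
        if m and current is not None:  # the column-header line never matches
            rule = m.groupdict()
            rule["pkts"], rule["bytes"] = _count(rule["pkts"]), _count(rule["bytes"])
            rule["extra"] = rule["extra"] or ""
            current["rules"].append(rule)
    return chains


def _is_catch_all(rule):
    """True for a rule with no match at all (every packet reaching it hits it)."""
    return (rule["prot"] == "all" and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0"
            and rule["extra"] == "")


def _accepts_tracked(rule):
    """True for an ACCEPT on -m state/-m conntrack ESTABLISHED,RELATED."""
    extra = rule["extra"]
    return (rule["target"] == "ACCEPT" and ("state" in extra or "ctstate" in extra)
            and "ESTABLISHED" in extra and "RELATED" in extra)


def audit_output_chain(chains):
    """Return findings for OUTPUT (empty list means nothing to flag)."""
    chain = chains.get("OUTPUT")
    if chain is None:
        return ["listing has no OUTPUT chain"]
    rules, findings = chain["rules"], []
    for idx, rule in enumerate(rules, start=1):
        if rule["target"] in ("DROP", "REJECT") and _is_catch_all(rule):
            if not any(_accepts_tracked(r) for r in rules[:idx - 1]):
                findings.append(f"rule {idx}: catch-all {rule['target']} with no "
                                "ESTABLISHED,RELATED ACCEPT before it; replies sent by "
                                "non-root processes are dropped")
            break  # nothing after a catch-all terminal rule is reachable
    dropped = sum(r["pkts"] for r in rules if r["target"] in ("DROP", "REJECT"))
    for idx, rule in enumerate(rules, start=1):
        if "OWNER" in rule["extra"] and rule["pkts"] == 0 and dropped:
            findings.append(f"rule {idx}: '{rule['extra']}' matched 0 packets while "
                            f"{dropped} were dropped; the counted traffic was not "
                            "owned by that uid")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_LISTING), ("hardened", HARDENED_LISTING)):
        result = audit_output_chain(parse_listing(text))
        print(f"{label}: " + (" / ".join(result) if result else "OK"))
```

On the posted listing the audit reports both findings; on the constructed hardened chain it reports none. The parser also accepts user-defined chain headers ("Chain foo (N references)"), so it can be pointed at a full `iptables -nvL` dump rather than only the three built-in chains.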
Thread overview: 3+ messages
2006-03-28 14:14 [gentoo-user] another iptables question Hiren Dave
2006-03-28 15:36 ` Hans-Werner Hilse
2006-03-30 14:22 ` Hiren Dave [this message]