public inbox for gentoo-user@lists.gentoo.org
From: "Hiren Dave" <hiren2k4@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] another iptables question...
Date: Thu, 30 Mar 2006 19:52:46 +0530	[thread overview]
Message-ID: <a944a7520603300622x1fa2e933u75e5afad9d0176c0@mail.gmail.com> (raw)
In-Reply-To: <20060328173624.107e15c2.hilse@web.de>


Hi,

> please post the output of "iptables -vnL". We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever, correct?

YES

Output of iptables -nvL is:

#iptables -nvL
Chain INPUT (policy ACCEPT 24 packets, 1440 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER UID match 0
    9   540 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
TnR
Hiren

On 3/28/06, Hans-Werner Hilse <hilse@web.de> wrote:
>
> Hi,
>
> On Tue, 28 Mar 2006 19:44:07 +0530 "Hiren Dave" <hiren2k4@gmail.com>
> wrote:
>
> > I did this:
> > [...]
> > #iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
> > #iptables -A OUTPUT -j DROP
> > [...]
> > Still other users including root can ping other PCs. Why is this not
> > working?
>
> please post the output of "iptables -vnL". We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever,
> correct?
>
> > Also I have some difficulties understanding the Connection Tracking (NEW,
> > ESTABLISHED, RELATED, INVALID) concept.
>
> Those are protocol dependent. I really think that those are well
> described even in iptables man page. Basically, you'll want sth like
> this:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> and maybe the same for FORWARD. Of course, for FORWARD, you'll want to
> match NEW,ESTABLISHED,RELATED for outgoing connections (well, or even
> don't impose any restrictions for outgoing connections).
>
> > Any practical guide available on internet for iptables???
>
> Lots. That "practical" depends on the problem faced which you didn't
> describe at all. So del.icio.us would be my first hint, Google follows:
>
> http://del.icio.us/tag/netfilter
> http://www.google.com/search?q=netfilter
>
> (note that the concept is usually referred to as "netfilter")
>
> -hwh

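Added example (not part of the thread): a parser for the `iptables -nvL` format posted above, so the per-rule packet and byte counters can be inspected programmatically instead of by eye. The sample input is constructed from the output in this message with the wrapped source/destination columns rejoined; the counter-suffix handling (K/M/G) and user-defined-chain header are assumptions about the general format, not something shown in the thread.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
# Constructed sample modelled on the `iptables -nvL` output posted above,
# with the wrapped source/destination columns rejoined onto one line each.
SAMPLE = """\
Chain INPUT (policy ACCEPT 24 packets, 1440 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            OWNER UID match 0
    9   540 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
BUILTIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\S+) packets, (\S+) bytes\)$")
USER_RE = re.compile(r"^Chain (\S+) \(\d+ references\)$")  # user-defined chains have no policy
# `extra` holds the trailing match text, e.g. "OWNER UID match 0" or "state RELATED,ESTABLISHED"
Rule = namedtuple("Rule", "pkts nbytes target prot source destination extra")
@dataclass
class Chain:
    name: str
    policy: str          # "" for user-defined chains
    policy_pkts: int     # packets that fell through every rule to the policy
    rules: list = field(default_factory=list)

def _count(s):
    """iptables -v abbreviates large counters (15K, 2M, 1G; 1000-based)."""
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(s[:-1]) * mult[s[-1]] if s[-1] in mult else int(s)

def parse_iptables_nvl(text):
    """Parse `iptables -nvL` output into {chain_name: Chain}."""
    chains, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("pkts"):
            continue  # blank separator or column header
        if m := BUILTIN_RE.match(line):
            current = chains[m[1]] = Chain(m[1], m[2], _count(m[3]))
        elif m := USER_RE.match(line):
            current = chains[m[1]] = Chain(m[1], "", 0)
        else:  # pkts bytes target prot opt in out source destination [extra]
            f = line.split(None, 9)
            current.rules.append(Rule(_count(f[0]), _count(f[1]), f[2], f[3],
                                      f[7], f[8], f[9] if len(f) > 9 else ""))
    return chains

def unmatched_rules(chains):
    """Rules whose packet counter is still zero: no traffic has hit them yet."""
    return [(c.name, i, r.target, r.extra)
            for c in chains.values() for i, r in enumerate(c.rules) if r.pkts == 0]
```

Running `unmatched_rules(parse_iptables_nvl(SAMPLE))` on the sample flags the OWNER rule in OUTPUT as never having matched, while the DROP rule after it has counted 9 packets; comparing counters this way is the first check when a rule does not appear to take effect.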
