Hi, I use kernel version 2.4.17 and 2.4.18 (Debian 2.2) and I have these rules in my IPtables settings:
iptables -P OUTPUT DROP

## Allow ESTABLISHED and RELATED traffic
iptables -A OUTPUT -o $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

## DNS
iptables -A OUTPUT -o $IFACE -p udp --dport domain -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport domain -m state --state NEW -j ACCEPT

## SSH
iptables -A OUTPUT -o $IFACE -p tcp --dport ssh -m state --state NEW -j ACCEPT

## SMTP
iptables -A OUTPUT -o $IFACE -p tcp --dport smtp -m state --state NEW -j ACCEPT

## WEB
iptables -A OUTPUT -o $IFACE -p tcp --dport www -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport https -m state --state NEW -j ACCEPT

# Any tcp not already allowed is logged and then dropped.
iptables -A OUTPUT -o $IFACE -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
iptables -A OUTPUT -o $IFACE -p tcp -j DROP

Sometimes I see in my log file something like this:

Mar 25 03:16:40 box kernel: IPTABLES TCP-OUT: IN= OUT=eth0 SRC=MYIPADDRESS DST=66.185.84.69 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=16488 PROTO=TCP SPT=80 DPT=54030 WINDOW=6432 RES=0x00 ACK URGP=0

It's a reply from a web server, so it should be allowed in the first line as an established packet, so I don't know why it's not. It happens from different ports, not just from 80.

-- 
Martin Pavlas
Pwrgeneration.net ICC s.r.o.
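An added example (not part of the post above) for triaging such log entries: it parses the iptables LOG line format shown and classifies each dropped TCP packet as a genuine new connection (SYN without ACK, which the --state NEW rules decide) or a mid-stream packet (ACK/FIN/RST without SYN), which is the case where conntrack had no ESTABLISHED entry for the flow. The sample lines are constructed, modelled on the one quoted in the post; the function names are the example's own.

```python
from collections import Counter
from typing import Dict, Iterable

# Constructed samples modelled on the log line in the post (first one copied from it).
SAMPLE_LINES = [
    "Mar 25 03:16:40 box kernel: IPTABLES TCP-OUT: IN= OUT=eth0 SRC=MYIPADDRESS "
    "DST=66.185.84.69 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=16488 PROTO=TCP "
    "SPT=80 DPT=54030 WINDOW=6432 RES=0x00 ACK URGP=0",
    "Mar 25 03:18:02 box kernel: IPTABLES TCP-OUT: IN= OUT=eth0 SRC=MYIPADDRESS "
    "DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=201 PROTO=TCP "
    "SPT=443 DPT=40111 WINDOW=6432 RES=0x00 ACK FIN URGP=0",
    "Mar 25 03:19:10 box kernel: IPTABLES TCP-OUT: IN= OUT=eth0 SRC=MYIPADDRESS "
    "DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=202 PROTO=TCP "
    "SPT=33000 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line: str) -> Dict[str, str]:
    """Split an iptables LOG line into KEY=VALUE fields; bare flag tokens go into FLAGS."""
    idx = line.find("IN=")          # packet fields start at the first 'IN=' token
    if idx < 0:
        raise ValueError("not an iptables LOG line")
    fields: Dict[str, str] = {"PREFIX": line[:idx].split("kernel: ", 1)[-1].strip()}
    flags = set()
    for tok in line[idx:].split():
        if "=" in tok:              # e.g. 'OUT=eth0', or 'IN=' with an empty value
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:      # flags are logged as bare words: 'ACK', 'SYN', ...
            flags.add(tok)
    fields["FLAGS"] = ",".join(sorted(flags))
    return fields


def classify(fields: Dict[str, str]) -> str:
    """'new-connection' for a bare SYN; anything else on TCP is mid-stream traffic."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = set(fields["FLAGS"].split(",")) if fields["FLAGS"] else set()
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"
    return "mid-stream"   # conntrack had no ESTABLISHED entry for this flow


def summarize(lines: Iterable[str]) -> Counter:
    """Count dropped packets per (class, source port) to see which services are affected."""
    counts: Counter = Counter()
    for line in lines:
        fields = parse_log_line(line)
        counts[(classify(fields), fields.get("SPT", "?"))] += 1
    return counts
```

Running summarize() over the kernel log shows whether the drops are bare SYNs (a missing --state NEW rule) or mid-stream packets (state lost or never created), which is the distinction that decides where to look next.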
