> The person who said that connections are bi-directional was correct, but
> not in saying that you need a complementary output rule for everything

that depends on the definition of "complementary rule". ;-) e.g., these rules belong together and can be called complementary:

    #talk-server
    -A input -s x.y.z.0/24 -d x.y.z.a 517:518 -p 17 -j ACCEPT
    -A output -s x.y.z.a 517:518 -d x.y.z.0/24 -p 17 -j ACCEPT

or this more common outgoing connection rule:

    #ssh-client
    -A output -s x.y.z.a -d x.0.0.0/8 22:22 -p 6 -j ACCEPT
    -A input -s x.0.0.0/8 22:22 -d x.y.z.a -p 6 -j ACCEPT ! -y

of course, you can generalize:

    #tcp
    -A output -s x.y.z.a 1024:65535 -p 6 -j ACCEPT
    -A input -d x.y.z.a 1024:65535 -p 6 -j ACCEPT ! -y

regards

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
-- 
Linux - the last service pack you'll ever need.
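The point of the `! -y` on the inbound half of the ssh-client and generalized tcp rules is that return traffic for an outgoing connection is accepted while a fresh inbound connection attempt (a pure SYN) to the same high ports is not. Since ipchains (Linux 2.2) is rarely at hand to try this on, the following is an added example, written for this page and not code from the post or from ipchains: a small simulator that parses the subset of ipchains syntax used above and evaluates constructed packets against the three rule pairs. Concrete addresses (192.0.2.10 for the host x.y.z.a, 192.0.2.0/24 for the LAN, 10.0.0.0/8 for the site) and the packets are constructed for illustration; `-y` is modelled as a single boolean "SYN set, ACK and FIN clear", and the chain's default policy is assumed to be DENY.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addresses standing in for the post's placeholders (assumption).
HOST = "192.0.2.10"     # x.y.z.a, the firewall host itself
LAN = "192.0.2.0/24"    # x.y.z.0/24
SITE = "10.0.0.0/8"     # x.0.0.0/8

@dataclass
class Rule:
    chain: str
    src: ipaddress.IPv4Network
    sports: Optional[Tuple[int, int]]
    dst: ipaddress.IPv4Network
    dports: Optional[Tuple[int, int]]
    proto: Optional[int]
    target: str
    syn: Optional[bool]  # None: any; True: "-y" (SYN only); False: "! -y" (not SYN)

@dataclass
class Packet:
    chain: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    syn: bool  # SYN set with ACK/FIN clear, which is what ipchains -y tests

def _ports(tok: str) -> Tuple[int, int]:
    lo, _, hi = tok.partition(":")
    return (int(lo), int(hi or lo))

def parse_rule(line: str) -> Rule:
    """Parse the ipchains subset used in the post: -A -s -d -p -j and [!] -y."""
    toks = line.split()
    r = dict(chain="", src=ipaddress.ip_network("0.0.0.0/0"), sports=None,
             dst=ipaddress.ip_network("0.0.0.0/0"), dports=None,
             proto=None, target="DENY", syn=None)
    i, negate = 0, False
    while i < len(toks):
        t = toks[i]
        if t == "!":                      # negation applies to the next option
            negate = True; i += 1; continue
        if t == "-A":
            r["chain"] = toks[i + 1]; i += 2
        elif t in ("-s", "-d"):
            key = "src" if t == "-s" else "dst"
            r[key] = ipaddress.ip_network(toks[i + 1], strict=False); i += 2
            # ipchains lets a port or port range follow the address
            if i < len(toks) and toks[i][0].isdigit():
                r["sports" if key == "src" else "dports"] = _ports(toks[i]); i += 1
        elif t == "-p":
            r["proto"] = int(toks[i + 1]); i += 2
        elif t == "-j":
            r["target"] = toks[i + 1]; i += 2
        elif t == "-y":
            r["syn"] = not negate; i += 1
        else:
            raise ValueError(f"unsupported token {t!r}")
        negate = False
    return Rule(**r)

def _in_range(rng: Optional[Tuple[int, int]], port: int) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.chain != pkt.chain:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if not _in_range(rule.sports, pkt.sport) or not _in_range(rule.dports, pkt.dport):
        return False
    if rule.syn is not None and (pkt.proto != 6 or pkt.syn != rule.syn):
        return False
    return True

def verdict(rules: List[Rule], pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule wins, as in ipchains; otherwise the chain policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy

# The three complementary pairs from the post, with the constructed addresses.
RULES = [parse_rule(line) for line in f"""
-A input -s {LAN} -d {HOST} 517:518 -p 17 -j ACCEPT
-A output -s {HOST} 517:518 -d {LAN} -p 17 -j ACCEPT
-A output -s {HOST} -d {SITE} 22:22 -p 6 -j ACCEPT
-A input -s {SITE} 22:22 -d {HOST} -p 6 -j ACCEPT ! -y
-A output -s {HOST} 1024:65535 -p 6 -j ACCEPT
-A input -d {HOST} 1024:65535 -p 6 -j ACCEPT ! -y
""".strip().splitlines()]

if __name__ == "__main__":
    # Outbound SYN to a site ssh server is allowed, the reply comes back, but an
    # inbound SYN aimed at the host's high ports is stopped by "! -y".
    print(verdict(RULES, Packet("output", HOST, 40000, "10.1.2.3", 22, 6, syn=True)))
    print(verdict(RULES, Packet("input", "10.1.2.3", 22, HOST, 40000, 6, syn=False)))
    print(verdict(RULES, Packet("input", "10.1.2.3", 22, HOST, 40000, 6, syn=True)))
```

Running it prints ACCEPT, ACCEPT, DENY: the complementary input rule accepts the server's replies but not a new connection arriving on the same port range. The same parser shows why the talk-server pair needs no `! -y`: UDP has no SYN, so that pair is kept tight by restricting the source network instead.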