Thanks Parser,

My script is ok now! You are right: I need to accept connections FROM the port. But
I needed the UDP rules for Samba, because without the liberation of Samba UDP it
didn't work.

Just one more question: if I put ACCEPT in OUTPUT, doesn't it make sense if I put:
iptables -t filter -A OUTPUT -p tcp --dport 515 -j ACCEPT
to only accept the output to the printer port?? And did I have to put ...OUTPUT
-p tcp --source-port 515 -j ACCEPT here??? And I have to accept the output to my
ssh, ok?

Thanks again,
Renata.

Citando Parker Morse <[EMAIL PROTECTED]>:

> On Friday, Sep 26, 2003, at 15:43 US/Eastern, [EMAIL PROTECTED] wrote:
> > I am writing an iptables script but I have problems because all the
> > connections with the computer are closed, and I think this is because of
> > the policies in INPUT, FORWARD and OUTPUT.
> > See my script and if someone knows why all the connections are closed,
> > please help
> 
> Whether or not these rules will work for you depends A LOT on what 
> you're trying to use the machine for. Since I see rules for a printer 
> and for samba, can we assume that this machine is a workstation?
> 
> Are you trying to connect TO this machine? Or FROM it to some other 
> machine? With what, SSH? Those questions matter a lot.
> 
> >> # ssh tcp
> >> iptables -A INPUT -s 143.107.17.16 -p tcp --source-port 22 -j ACCEPT
> 
> You need to be accepting connections TO port 22, if you're connecting 
> TO this machine. Here, you're accepting connections FROM port 22.
> 
> iptables -A INPUT -s 143.107.17.16 -p tcp --dport ssh -j ACCEPT
> 
> >> # samba udp ports 137 to 139
> >> iptables -A INPUT -s 143.107.17.16 -p udp --source-port 137:139 -j ACCEPT
> >>
> >> # ssh udp
> >> iptables -A INPUT -s 143.107.17.16 -p udp --source-port 22 -j ACCEPT
> 
> I don't think you need these UDP rules.
> 
> >> # close other connections
> >> iptables -t filter -P INPUT DROP
> >> iptables -t filter -P OUTPUT DROP
> >> iptables -t filter -P FORWARD DROP
> 
> You might want to change the second line to
> 
> iptables -t filter -P OUTPUT ACCEPT
> 
> ...or the reply packets to any connection will never get out.
> 
> ObRodolfo: Try Shorewall...
> 
> pjm
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
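A small checker for the two points Parker raises above (a `--source-port` match where `--dport` was meant, and an OUTPUT policy of DROP that stops replies getting out) plus the redundancy Renata asks about (an ACCEPT rule in a chain whose policy is already ACCEPT). This is an added example, not code from the thread; the script it audits is a constructed copy of the rules quoted above, and the option names it recognises are the standard iptables ones used there.

```python
import shlex

# Constructed sample input: the rules from the thread, plus the OUTPUT rule Renata asks about.
SAMPLE_SCRIPT = """
iptables -A INPUT -s 143.107.17.16 -p tcp --source-port 22 -j ACCEPT
iptables -A INPUT -s 143.107.17.16 -p udp --source-port 137:139 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 515 -j ACCEPT
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
"""

# Option name -> field; only the options that matter for this check are parsed.
FLAGS = {"-A": "chain", "-p": "proto", "--source-port": "sport", "--sport": "sport",
         "--dport": "dport", "--destination-port": "dport", "-j": "target",
         "--state": "state", "--ctstate": "state"}

def parse(script):
    """Split an iptables script into chain policies and appended rules."""
    policies, rules = {}, []
    for line in script.strip().splitlines():
        argv = shlex.split(line)
        if not argv or argv[0] != "iptables":
            continue
        if "-P" in argv:  # policy line: iptables [-t table] -P CHAIN TARGET
            i = argv.index("-P")
            policies[argv[i + 1]] = argv[i + 2]
            continue
        rule = {field: None for field in FLAGS.values()}
        for i, tok in enumerate(argv[:-1]):
            if tok in FLAGS:
                rule[FLAGS[tok]] = argv[i + 1]
        rules.append(rule)
    return policies, rules

def audit(script):
    """Return human-readable findings; an empty list means nothing was flagged."""
    policies, rules = parse(script)
    findings = []
    for r in rules:
        if r["chain"] == "INPUT" and r["sport"] and not r["dport"]:
            findings.append(f"INPUT {r['proto']} --source-port {r['sport']}: matches on the remote "
                            "port only; to accept connections TO a local service use --dport")
        if r["target"] == "ACCEPT" and policies.get(r["chain"]) == "ACCEPT":
            findings.append(f"{r['chain']} -j ACCEPT rule is redundant: the chain policy is already ACCEPT")
    if policies.get("OUTPUT") == "DROP" and not any(r["chain"] == "OUTPUT" and r["state"] for r in rules):
        findings.append("OUTPUT policy DROP with no ESTABLISHED,RELATED rule: reply packets will never get out")
    return findings
```

Running `audit(SAMPLE_SCRIPT)` flags the two source-port rules and the redundant OUTPUT rule; switching the OUTPUT policy to DROP flags the missing state rule instead.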