My script is OK now! You are right: I need to accept connections FROM the port. But
I needed the UDP rules for Samba, because without allowing Samba UDP, it
didn't work.
Only another question: if I put ACCEPT in OUTPUT, doesn't it make sense if I put:
iptables -t filter -A OUTPUT -p tcp --dport 515 -j ACCEPT
to only accept the output to the printer port? And here I had to put ...OUTPUT
-p tcp --source-port 515 -j ACCEPT? And I have to accept the output to my
ssh, OK?
I'm not the best person to be asking about firewalls, but:
I think you're confused about the way OUTPUT works. It acts on any packets sent out by your system. Unless you are concerned about how users of your system are going to be using it, you're creating more problems than you're solving by having too many rules on OUTPUT. Unlike INPUT, where you don't know what's coming in from outside, you're better off with a permissive policy (only blocking ports which cause trouble, instead of only opening ports you need) on OUTPUT.
Someone PLEASE correct me if I've got this wrong.
See <http://www.tldp.org/HOWTO/Firewall-HOWTO.html> and <http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html> for more information.
pjm
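
The following is an added example, not part of either message above: a sketch of the two OUTPUT approaches discussed in the thread, showing where `--dport` applies and why connection tracking removes the need for `--sport` rules. It assumes empty chains and a host that serves ssh and Samba and prints to a remote printer on tcp/515; the `IPT` variable and the `strict` switch are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes empty chains and a host that
# serves ssh and Samba and prints to a remote printer on tcp/515.
# Dry run by default: each command is only printed.
# Run with IPT=iptables as root to apply the rules.
IPT="${IPT:-echo iptables}"

load_rules() {
    mode="${1:-permissive}"   # hypothetical switch: permissive | strict

    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (for example to the printer)
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Services offered to others: match the DESTINATION port on INPUT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
    $IPT -A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
    $IPT -P INPUT DROP

    if [ "$mode" = strict ]; then
        $IPT -A OUTPUT -o lo -j ACCEPT
        # Replies from the local sshd/Samba leave with SOURCE port 22/139/...;
        # connection tracking covers them, so no --sport rules are needed.
        $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        # New connections this host opens: match the DESTINATION port on OUTPUT
        $IPT -A OUTPUT -p tcp --dport 515 -j ACCEPT
        # Anything else the host initiates (DNS, NetBIOS broadcasts, updates)
        # is now blocked until a rule is added for it.
        $IPT -P OUTPUT DROP
    else
        # Permissive OUTPUT: everything the host sends is allowed.
        $IPT -P OUTPUT ACCEPT
    fi
}

load_rules "${1:-permissive}"
```
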