Stephen Gran on 18 Jan 2005 04:37:42 -0000

On Mon, Jan 17, 2005 at 04:16:07PM -0500, Tobias DiPasquale said:
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
>
> That will drop all outgoing traffic except SSH or HTTP sessions and
> connections that are already open or logically related to those that
> are already open (which in the case of HTTP is none).

Minor nitpick - I think Jeff said that this machine hosted an ssh and
http _server_, so he wants sport rather than dport above.

Otherwise, well said.
--
Stephen Gran | steve@lobefin.net | http://www.lobefin.net/~steve
BOFH excuse #158: Defunct processes
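To see concretely what the --dport and --sport variants of the quoted OUTPUT chain each let through, here is a small rule evaluator added to this archive page (it is not code from the thread). It models only the matches the quoted rules use (chain policy, conntrack state, -p, --sport, --dport) and runs constructed packets through both chains; the port numbers, states and packet names are assumptions for illustration.

```python
"""Toy evaluator for a stateful iptables OUTPUT chain (added example, not from the thread)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    sport: int   # source port as the packet leaves this host
    dport: int   # destination port on the remote peer
    state: str   # conntrack's view: NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:
    target: str
    states: Optional[frozenset] = None  # -m state --state ...
    proto: Optional[str] = None         # -p tcp / -p udp
    sport: Optional[int] = None         # --sport
    dport: Optional[int] = None         # --dport

    def matches(self, pkt: Packet) -> bool:
        return ((self.states is None or pkt.state in self.states)
                and (self.proto is None or pkt.proto == self.proto)
                and (self.sport is None or pkt.sport == self.sport)
                and (self.dport is None or pkt.dport == self.dport))

def verdict(chain, policy, pkt):
    """First matching rule wins, as in netfilter; else the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

STATEFUL = Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"}))
# Chain as quoted: match on destination port.
DPORT_CHAIN = [STATEFUL, Rule("ACCEPT", proto="tcp", dport=22), Rule("ACCEPT", proto="tcp", dport=80)]
# Variant suggested in the reply: match on source port.
SPORT_CHAIN = [STATEFUL, Rule("ACCEPT", proto="tcp", sport=22), Rule("ACCEPT", proto="tcp", sport=80)]

# Constructed outbound packets (OUTPUT chain); high ports are arbitrary sample values.
SERVER_REPLY = Packet("tcp", 22, 51234, "ESTABLISHED")   # sshd answering a remote client
CLIENT_SSH   = Packet("tcp", 41000, 22, "NEW")           # this host opening ssh outbound
CLIENT_HTTP  = Packet("tcp", 41001, 80, "NEW")           # this host opening http outbound
DNS_QUERY    = Packet("udp", 41002, 53, "NEW")           # covered by neither chain

def compare(pkt):
    """Return (verdict under the --dport chain, verdict under the --sport chain)."""
    return verdict(DPORT_CHAIN, "DROP", pkt), verdict(SPORT_CHAIN, "DROP", pkt)

if __name__ == "__main__":
    for name, pkt in [("server reply", SERVER_REPLY), ("client ssh", CLIENT_SSH),
                      ("client http", CLIENT_HTTP), ("dns query", DNS_QUERY)]:
        print(f"{name:12s} dport-chain={compare(pkt)[0]:6s} sport-chain={compare(pkt)[1]}")
```

Because the RELATED,ESTABLISHED rule sits first, the server's own replies are accepted by it under either chain; the port rules only decide which NEW outbound connections the host itself may open, and an unlisted protocol such as the sample DNS query hits the DROP policy in both.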