IPTABLES! Input filters work, Output all blocked! HELP

**halonothing** · 09-13-2008

wtf is wrong with this picture? i thought :OUTPUT ACCEPT [0:0] means accept all outgoing traffic. Yet i cannot ping out, cannot ssh out, cannot telnet out etc..

p.s. can anyone tell me what the [0:0] means in those chains?

Code:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# -A INPUT -i eth0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3784 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 3784 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT


COMMIT

**halonothing** · 09-13-2008

note: if i run iptables -P INPUT ACCEPT , it allows me to send OUT. any explanation? but then all my ports are open...

**iwanabeguru** · 09-15-2008

Hi

The input chain filters the incoming connections. If you provide any server service you need open the proper port.

For example , if you want run a webserver and you want allow connections from the internet to your webserver you must open the 80 port.

For a desktop you can safely close down all ports in the input chain.
this line
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

allow back any package which is answer for one of your request.

give us an iptables -L output please

Thread Tools

Display

IPTABLES! Input filters work, Output all blocked! HELP

Posting Permissions