RE: A few questions
Sat, 29 Dec 2001 00:31:58 +0100
> Should there be rules on the OUTPUT chain?
Only if you want. OUTPUT, I believe, is output from this host (fw02). Do
you have a policy of DROP or REJECT? If so, then you need to allow output
for cipcb0 like you probably do for lo and eth1, assuming eth1 is your LAN
> Is it necessary to have OUTPUT rules similar to the INPUT rules you
> suggested? In this case, udp packets through the OUTPUT chain? Also,
> ACCEPT packets from cipcb0 on the OUTPUT chain?
I didn't really give you complete rules, because I don't know what you are
already doing with iptables. If you have a policy of DROP or REJECT for the
OUTPUT chain, then you will need output rules, something like this:
    iptables -A OUTPUT -o cipcb0 -j ACCEPT
I don't have much more than egress filtering on my OUTPUT chain, so my
OUTPUT chain has a policy of ACCEPT.
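
Added example, not part of the original message: a check of an `iptables-save` dump that lists which interfaces lack a blanket `-A OUTPUT -o <iface> -j ACCEPT` rule when the OUTPUT policy is not ACCEPT. The ruleset is a constructed sample (filter table only), and the function names and the eth0 rule are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (filter table only); not from the thread.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# Print the OUTPUT chain policy found in a ruleset dump (first argument).
output_policy() {
    printf '%s\n' "$1" | awk '$1 == ":OUTPUT" { print $2; exit }'
}

# Print each interface (arguments 2..n) that has no unconditional
# "-A OUTPUT -o <iface> -j ACCEPT" rule while the policy is not ACCEPT.
# With a policy of ACCEPT nothing is printed, because no rule is needed.
ifaces_without_output_accept() {
    rules=$1; shift
    [ "$(output_policy "$rules")" = "ACCEPT" ] && return 0
    for ifc in "$@"; do
        # -x: whole-line match, -F: fixed string, -e: pattern starts with "-"
        printf '%s\n' "$rules" | grep -qxF -e "-A OUTPUT -o $ifc -j ACCEPT" \
            || printf '%s\n' "$ifc"
    done
}

# eth0 is listed too: its only OUTPUT rule is limited to UDP port 53.
ifaces_without_output_accept "$SAMPLE_RULES" lo eth1 cipcb0 eth0
```

On a live host the first argument would be the output of `iptables-save` instead of the sample.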