Subject: RE: A few questions
From: SBNelson,AT,thermeon,DOT,com
Date: Sat, 29 Dec 2001 00:31:58 +0100

> Should there be rules on the OUTPUT chain?
Only if you want.  OUTPUT, I believe, is output from this host (fw02).  Do
you have a policy of DROP or REJECT?  If so, then you need to allow output
for cipcb0 like you probably do for lo and eth1, assuming eth1 is your LAN.

> Is it necessary to have OUTPUT rules similar to the INPUT rules you
> suggested?  In this case, udp packets through the OUTPUT chain?  Also,
> ACCEPT packets from cipcb0 on the OUTPUT chain?
I didn't really give you complete rules, because I don't know what you are
already doing with iptables.  If you have a policy of DROP or REJECT for the
OUTPUT chain, then you will need output rules, something like this:

iptables -A OUTPUT -o cipcb0 -j ACCEPT

I don't have much more than egress filtering on my OUTPUT chain, so my
OUTPUT chain has a policy of ACCEPT.
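
Added example (not part of the original message): a shell function that reads `iptables-save` text and lists interfaces accepted on INPUT that have no matching OUTPUT ACCEPT while the filter OUTPUT policy is restrictive, which is the gap described above for cipcb0. The function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces that are accepted on INPUT but have no
# matching ACCEPT on OUTPUT while the filter table's OUTPUT policy is not
# ACCEPT. Reads `iptables-save` format text on stdin.
check_output_gaps() {
    awk '
        # Track the current table; nat and mangle have their own OUTPUT chain.
        /^\*/ { in_filter = ($1 == "*filter") }
        # Policy line, e.g. ":OUTPUT DROP [0:0]"
        in_filter && /^:OUTPUT / { policy = $2 }
        in_filter && /^-A (INPUT|OUTPUT) / {
            iface = ""; target = ""
            for (i = 3; i < NF; i++) {
                # Skip negated matches such as "! -i eth0"
                if (($i == "-i" || $i == "-o") && $(i - 1) != "!") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "ACCEPT") next
            if ($2 == "OUTPUT" && NF == 4) any_out = 1  # "-A OUTPUT -j ACCEPT"
            if (iface == "") next
            if ($2 == "INPUT") in_ok[iface] = 1
            else out_ok[iface] = 1
        }
        END {
            if (policy == "ACCEPT" || any_out) exit  # output already permitted
            for (n in in_ok) if (!(n in out_ok)) print n
        }
    ' | sort
}

# Constructed sample: OUTPUT policy DROP, cipcb0 opened on INPUT only.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i cipcb0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_output_gaps
```

On a live host the input would come from `iptables-save` run as root; rules that accept traffic by address or port rather than by interface are not considered by this check.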

