[Zope] IPTables and Zope
Kevin Carlson
khcarlso at bellsouth.net
Thu Oct 2 15:48:38 EDT 2003
Rechenberg, Andrew wrote:
>Instead of making the default policy DROP, why not keep the default
>policy as ACCEPT and explicitly drop all traffic after you allow dport
>80 and 8080?
>
This works great! The only issue that I have now is that some of the
connections that our application makes to external servers via port 443
get blocked when the outside server wants to send data back in over the
same connection. I'm sure this has something to do with iptables state
management and allowing ESTABLISHED / RELATED traffic like I've seen for
FTP. Overall this was exactly what I was looking for.
Thanks!
>Something like:
>
># Create your own chain for dropping and logging
>#
>iptables -N DROP_AND_LOG
>iptables -A DROP_AND_LOG -j LOG --log-level info --log-prefix "FW_UNATH: "
>iptables -A DROP_AND_LOG -j DROP
>
>iptables -A INPUT -p tcp -s 0/0 -d $YOUR_IP --dport 80 -j ACCEPT
>iptables -A INPUT -p tcp -s 0/0 -d $YOUR_IP --dport 8080 -j ACCEPT
>iptables -A INPUT -i $YOUR_ETH_INT -j DROP_AND_LOG
>
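An added example, not code from either poster: the quoted rule set plus the state rule that fixes the port 443 problem described above. With the default policy left at ACCEPT and the last INPUT rule sending everything that arrives on the external interface to DROP_AND_LOG, an outbound HTTPS connection leaves through OUTPUT untouched, but the server's replies come back on INPUT with a destination port that is an ephemeral port, not 80 or 8080, so they fall through to the drop rule. Accepting ESTABLISHED,RELATED packets before that rule lets the replies (and related connections such as FTP data) back in. The script assumes a placeholder address 192.0.2.10, an external interface named eth0 and the `-m state` match; it runs in dry-run mode (printing the commands) unless IPT points at the real binary, e.g. `IPT=/sbin/iptables sh fw.sh`.

```shell
#!/bin/sh
# Added example: quoted rule set plus conntrack state rule. Not from the thread.
YOUR_IP="${YOUR_IP:-192.0.2.10}"       # assumption: placeholder server address
YOUR_ETH_INT="${YOUR_ETH_INT:-eth0}"   # assumption: external interface name
IPT="${IPT:-echo iptables}"            # dry run by default: print instead of apply

fw_rules() {
    # Own chain that logs and then drops, so every rejected packet leaves a trace.
    $IPT -N DROP_AND_LOG
    $IPT -A DROP_AND_LOG -j LOG --log-level info --log-prefix "FW_UNAUTH: "
    $IPT -A DROP_AND_LOG -j DROP

    # Loopback traffic (e.g. a front-end proxy talking to Zope locally).
    $IPT -A INPUT -i lo -j ACCEPT

    # The missing piece: replies to connections this host opened (outbound 443
    # calls to external servers) and related connections (FTP data) arrive with
    # an ephemeral destination port, so they must be accepted by connection
    # state before the catch-all drop rule below.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound services: port 80 and Zope on 8080, as in the quoted post.
    $IPT -A INPUT -p tcp -s 0/0 -d "$YOUR_IP" --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 -d "$YOUR_IP" --dport 8080 -j ACCEPT

    # Everything else arriving on the external interface is logged and dropped.
    $IPT -A INPUT -i "$YOUR_ETH_INT" -j DROP_AND_LOG
}

# Ordering check usable in dry-run mode: the state rule must come before the
# interface-wide drop rule, otherwise replies to outbound connections still die.
state_rule_before_drop() {
    fw_rules | awk '
        /--state ESTABLISHED,RELATED/ { s = NR }
        /-i [^ ]+ -j DROP_AND_LOG/    { d = NR }
        END { exit !(s && d && s < d) }'
}

fw_rules
```

Because the state rule is matched per packet, it also covers the reverse direction of the inbound 80/8080 connections, so nothing else changes when it is added. On newer iptables the same match is spelled `-m conntrack --ctstate ESTABLISHED,RELATED`; `-m state` is still accepted as an alias.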