Quote:
Originally Posted by erico1275
New to Linux, and I need to set up my iptables rules for my computer to allow requests and responses over HTTP. This is what I have so far. Does this look right?
iptables -A INPUT -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 80 -j ACCEPT
thanks!
It's kind of weird because you're completely ignoring packet states. If the server where these rules are active gets a non-root account compromised, the box can be used to send scan and attack TCP packets all over the Internet as long as the packets have their source ports set to 80. You can do much better than this, really. At the very least, you should have your OUTPUT rule specify that it's only meant for packets in state ESTABLISHED.
And yeah, like Tinkster said — we really do need the whole picture.
EDIT: Actually, I just noticed the thread title you used. If this is indeed for a PC (and not a server) then the rules are completely erroneous. We'll set you straight once you reply with more information.
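An added example, not part of the thread: a small POSIX sh audit that scans an iptables-save dump for OUTPUT rules that ACCEPT on source port alone, with no conntrack/state match, which is exactly the weakness the reply points out, and shows the ESTABLISHED-only rewrite. The dump is constructed for the demo (it contains the original post's two rules plus two state-restricted variants); function names are my own.

```shell
#!/bin/sh
# Constructed iptables-save output: the poster's rules plus two OUTPUT rules
# that already carry a state restriction (one via conntrack, one via state).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# Read rules on stdin; print every OUTPUT ACCEPT rule that matches --sport
# but has neither --ctstate nor --state. Returns 1 if any such rule exists,
# so a compromised local account could emit arbitrary packets from that port.
find_stateless_output_rules() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            "-A OUTPUT"*"--sport"*"-j ACCEPT"*)
                case "$line" in
                    *--ctstate*|*--state*) ;;            # state-restricted: fine
                    *) printf '%s\n' "$line"; found=1 ;; # stateless: report it
                esac ;;
        esac
    done
    return $found
}

# Rewrite one such rule so it only accepts replies belonging to an
# established connection, as the reply recommends.
harden_rule() {
    printf '%s\n' "$1" |
        sed 's/ -j ACCEPT$/ -m conntrack --ctstate ESTABLISHED -j ACCEPT/'
}

# Number of stateless OUTPUT rules in the constructed dump (expected: 1).
count_stateless() {
    printf '%s\n' "$SAMPLE_RULES" | find_stateless_output_rules | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_RULES" | find_stateless_output_rules | while IFS= read -r r; do
    printf 'stateless: %s\nhardened:  %s\n' "$r" "$(harden_rule "$r")"
done
```

Run it against a real dump with `iptables-save | find_stateless_output_rules` after sourcing the file; a non-zero exit means at least one OUTPUT rule needs the ESTABLISHED restriction.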