iptables and Firefox problem
So here's my problem. I want to use iptables. Firefox changes ports each time it opens. I want to block all ports and specify which ones to open. Does anyone know how to set it up so Firefox can use whichever ports it wants?
Thanks, Zach
I'm pretty sure that you will need to use connection tracking.
cgjones is correct. The beauty of iptables over its predecessor ipchains is the notion of stateful packet inspection (SPI). Even though your Firefox is changing its source ports dynamically, SPI will make your firewall track each outgoing connection and allow in the return packets without having to specify the exact port to allow. It is done with the following rules:

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

The first rule sets the default INPUT policy to DROP and the second rule is the SPI rule I mentioned earlier. With just these two rules, your computer will not allow in any *unsolicited* inbound traffic. It will, however, allow in any traffic that you (or a computer behind your firewall) initiated.
one more question
Hi, thank you for that command. I very much appreciate it. I have one more question. As far as output goes, can you do a similar command? I tried the same one, swapping input and output, but it didn't work. Thanks again for your previous post!
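Added example (not part of the original thread) extending the answer's stateful rule to the OUTPUT chain: replies are matched by connection state, while new outbound connections are matched by destination port, because only Firefox's source port changes. `gen_ruleset` and the port choices (DNS on 53, web on 80 and 443) are assumptions; the function only prints a ruleset in iptables-restore format and applies nothing.

```shell
#!/bin/sh
# Added example: build a default-deny ruleset for both INPUT and OUTPUT.
# gen_ruleset is a hypothetical helper; the allowed ports are assumptions.

gen_ruleset() {
    # $1: comma-separated TCP destination ports for new outbound connections
    tcp_ports=${1:-80,443}

    # Reject anything that is not digits and commas so a bad argument
    # cannot smuggle extra text into the generated ruleset.
    case $tcp_ports in
        ''|*[!0-9,]*) echo "gen_ruleset: bad port list: $tcp_ports" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports ${tcp_ports} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# With OUTPUT set to DROP, an ESTABLISHED,RELATED rule alone is not enough:
# the first packet of every connection is in state NEW and would be dropped,
# so each permitted service needs its own NEW rule keyed on destination port.
#
# Syntax-check the result as root without loading it:
#   gen_ruleset 80,443 | iptables-restore --test
```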