LinuxQuestions.org

zach8202 03-29-2007 02:10 PM

iptables and Firefox problem
 
So here's my problem. I want to use iptables. Firefox changes ports each time it opens. I want to block all ports and specify which ones to open. Does anyone know how to set it up so Firefox can use whichever ports it wants?
Thanks, Zach

cgjones 03-29-2007 03:14 PM

I'm pretty sure that you will need to use connection tracking.

SiegeX 03-30-2007 02:44 AM

cgjones is correct. The beauty of iptables over its predecessor ipchains is the notion of stateful packet inspection (SPI). Even though your Firefox is changing its source ports dynamically, SPI will make your firewall track each outgoing connection and allow in the return packets without having to specify the exact port to allow. It is done with the following rules:

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


The first rule sets the default INPUT policy to DROP and the second rule is the SPI rule I mentioned earlier. With just these two rules, your computer will not allow in any *unsolicited* inbound traffic. It will however allow in any traffic that you (or a computer behind your firewall) initiated.
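
Why the ESTABLISHED match copes with Firefox's changing source ports, as an added example that is not part of the original posts: a simplified Python model of the connection-tracking lookup, not real netfilter code. The class name, function names and addresses (documentation ranges) are constructed for illustration; RELATED, timeouts and TCP state are not modelled.

```python
# Simplified model of the two rules above:
#   iptables -P INPUT DROP
#   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumption: OUTPUT is left at its default ACCEPT policy.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class StatefulInput:
    def __init__(self):
        # Flows this host initiated, keyed by the outbound 5-tuple.
        self.conntrack = set()

    def send(self, pkt):
        """Outbound packet: connection tracking records the flow."""
        self.conntrack.add(pkt)

    def receive(self, pkt):
        """Inbound packet: ACCEPT only if it is the reply to a tracked flow."""
        # A reply has source and destination swapped relative to the original.
        original = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if original in self.conntrack:
            return "ACCEPT"  # matches --state ESTABLISHED
        return "DROP"        # no rule matched, chain policy applies


def demo():
    fw = StatefulInput()
    verdicts = []
    # Constructed traffic: the browser uses a new ephemeral source port
    # for every connection, and no port number appears in any rule.
    for sport in (49152, 51007, 60321):
        fw.send(Packet("tcp", "192.0.2.10", sport, "198.51.100.80", 443))
        reply = Packet("tcp", "198.51.100.80", 443, "192.0.2.10", sport)
        verdicts.append(fw.receive(reply))
    # Unsolicited inbound connection attempt from an unknown host.
    verdicts.append(fw.receive(Packet("tcp", "203.0.113.5", 40000, "192.0.2.10", 22)))
    # Known server, but aimed at a local port with no tracked flow.
    verdicts.append(fw.receive(Packet("tcp", "198.51.100.80", 443, "192.0.2.10", 55555)))
    return verdicts


if __name__ == "__main__":
    print(demo())
```
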

zach8202 04-02-2007 11:49 AM

one more question
 
Hi, thank you for that command. I very much appreciate it. I have one more question. As far as output goes, can you do a similar command? I tried the same one swapping input and output but it didn't work. Thanks again for your previous post!


All times are GMT -5.