Block FORWARD Rules
Hi there,
I am trying to block all outgoing traffic (via the iptables FORWARD chain) and allow only certain common ports to be open (e.g. 22, 25, 80, 110, etc.).
The problem is that when I download via the browser, the ports are always dynamic ports, so I am never able to download unless I allow them.
How can I solve this problem?
Below is my log file
***************
Jan 12 17:02:49 fw kernel: FWD denied:IN=eth2 OUT=eth0 SRC=192.x.x.10 DST=203.126.164.142 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55643 DF PROTO=TCP SPT=1779 DPT=3895 WINDOW=64512 RES=0x00 SYN URGP=0
Jan 12 17:03:02 fw kernel: FWD denied:IN=eth2 OUT=eth0 SRC=192.x.x.10 DST=203.126.164.142 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55876 DF PROTO=TCP SPT=1781 DPT=3896 WINDOW=64512 RES=0x00 SYN URGP=0
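An added example, not code from the original post, of the usual fix: a stateful FORWARD policy in which return traffic is accepted by conntrack state, so the browser's dynamic source port (SPT=1779 and SPT=1781 in the log above) never needs a rule of its own. Note what the log actually shows: the denied packets are SYNs from the LAN host to the same server on changing destination ports (DPT=3895, then DPT=3896). That pattern is typical of passive-mode FTP data connections, which the ftp conntrack helper marks RELATED so the stateful rule admits them; a plain HTTP server listening on a non-standard port, by contrast, will still be blocked unless that port is added to the whitelist. The interface names, the port list and the log sample are assumptions taken from the post; iptables is echoed rather than executed unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Stateful FORWARD policy for an iptables gateway: replies are accepted by
# conntrack state, so the client's dynamic source port never needs a rule.
# Dry run by default (commands are printed); set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth2}"   # assumed LAN side, from IN=eth2 in the log
WAN_IF="${WAN_IF:-eth0}"   # assumed WAN side, from OUT=eth0 in the log
ALLOWED_TCP="${ALLOWED_TCP:-22 25 80 110 443}"   # assumed whitelist

apply_forward_policy() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Return traffic for any connection the gateway has already seen, plus
    # RELATED flows (e.g. passive FTP data once nf_conntrack_ftp is loaded).
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # New outbound TCP connections only to whitelisted destination ports;
    # the client-side source port is deliberately not matched.
    for p in $ALLOWED_TCP; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport "$p" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log (rate-limited) and drop everything else.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD denied:"
    $IPT -A FORWARD -j DROP
}

# Extract one space-delimited KEY=VALUE field (e.g. SPT, DPT, PROTO) from
# an iptables LOG line.
log_field() {
    printf '%s\n' "$2" | sed -n "s/.* $1=\([^ ]*\).*/\1/p"
}

# Count denied SYNs (new connection attempts) per destination port on stdin,
# which shows which server ports the policy is really blocking.
summarize_denied_syn() {
    awk '/FWD denied:/ && / SYN / {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^DPT=/) count[substr($i, 5)]++
         }
         END { for (p in count) printf "%s %d\n", p, count[p] }' | sort -n
}

# Constructed sample, copied from the two log lines in the post.
SAMPLE_LOG='Jan 12 17:02:49 fw kernel: FWD denied:IN=eth2 OUT=eth0 SRC=192.x.x.10 DST=203.126.164.142 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55643 DF PROTO=TCP SPT=1779 DPT=3895 WINDOW=64512 RES=0x00 SYN URGP=0
Jan 12 17:03:02 fw kernel: FWD denied:IN=eth2 OUT=eth0 SRC=192.x.x.10 DST=203.126.164.142 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55876 DF PROTO=TCP SPT=1781 DPT=3896 WINDOW=64512 RES=0x00 SYN URGP=0'

# Stand-alone run: print the ruleset, then the per-port summary of the sample.
apply_forward_policy
printf '%s\n' "$SAMPLE_LOG" | summarize_denied_syn
```

The summary of the sample prints one denied SYN each for ports 3895 and 3896: it is the destination port that moves, not just the client's source port. If the download is FTP, load the ftp conntrack helper (modprobe nf_conntrack_ftp, or ip_conntrack_ftp on older kernels) and the ESTABLISHED,RELATED rule covers it; if it is HTTP on a non-standard port, add that port to ALLOWED_TCP.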