#!/bin/sh
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

/sbin/iptables -F

#oprn22£¬445 ports
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT

#Drop others
/sbin/iptables -A INPUT -p tcp --syn -j DROP

#avert Ping of death
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -i eth0 -j DROP 19
#avert SYN Flood
/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

when I accept this rules on iptables ,the Gnome can't work but KDE find.when I stop it,the gnome workd fine.
I cant find what problems in my rules.
Does anybody know this why?
thx!

somebody know this?
plz help me!

Well for starters, with this default rule, you really don't have a firewall. Usually the best thing to do is set all your defaults to DROP and then start accepting packets you want. One of the better ways you can do this on the INPUT chain is to use state matching

iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

That will allow packets that are sent in response to requests from within your machine. On the output side you should have something like

iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

That will allow your programs to send packets.

You also need to allow access to the loopback device

iptables -A INPUT -i lo -j ACCEPT


By the way, I know you are anxious for an answer, but it is accepted practice here to wait 24 hours before bumping your post.

thx a lot!
But I dont know why the firewall rules cause the GNOME cant work yet.

I'm betting the lack of the loopback is causing Gnome problems. A number of programs don't work correctly if you don't allow loopback on your firewall.