Quote Originally Posted by linuxcenter
I'm on a LAN. Now, can I be specific about outgoing rules, allowing only dport and sport to be 80 and 443?
If I'm not hosting a website, why do I need them?

/sbin/iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p tcp --dport 443 -j ACCEPT
If you read my post carefully, you would see that these rules would apply in the situation where your computer sits between a local LAN and the Internet. In this case all the LAN traffic would be funneled through the box, and the INPUT rules would apply to requests coming from machines behind this computer.

Are you trying to keep your own computer from sending packets out to the Internet? That seems like a bit of paranoia to me, but if you want to do that then use
Code:
# Loopback traffic and replies to connections this host started are accepted;
# anything else arriving is dropped (iptables has no DENY target; use DROP).
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -j DROP

# The OUTPUT chain matches on the outgoing interface (-o), not -i;
# only new connections to tcp/80 and tcp/443 may leave the box.
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 80  -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A OUTPUT -j DROP
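To see what that ruleset actually permits, here is an added example (not from the thread) that models iptables' first-match evaluation over the reply's rules, taking DROP as the terminating target and `-o lo` for the OUTPUT loopback rule; the `with_dns` variant and the sample packets are assumptions for illustration. It also shows the caveat a practitioner would hit: with only tcp/80 and tcp/443 allowed out, a plain DNS lookup on udp/53 is dropped, so name resolution breaks unless a rule for it is added.

```python
# Added example: first-match model of the reply's iptables rules (assumed DROP
# for the invalid DENY target). Not the thread's own code.

# (chain, match criteria, target); first matching rule wins, as in iptables
RULES = [
    ("INPUT",  {"in_iface": "lo"}, "ACCEPT"),
    ("INPUT",  {"state": ("RELATED", "ESTABLISHED")}, "ACCEPT"),
    ("INPUT",  {}, "DROP"),
    ("OUTPUT", {"out_iface": "lo"}, "ACCEPT"),
    ("OUTPUT", {"proto": "tcp", "dport": 80}, "ACCEPT"),
    ("OUTPUT", {"proto": "tcp", "dport": 443}, "ACCEPT"),
    ("OUTPUT", {}, "DROP"),
]

def matches(match, pkt):
    """True if every criterion in the rule agrees with the packet."""
    for key, want in match.items():
        have = pkt.get(key)
        if key == "state":
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def verdict(chain, pkt, rules=RULES, policy="ACCEPT"):
    """Walk the chain top to bottom; fall back to the chain policy."""
    for rule_chain, match, target in rules:
        if rule_chain == chain and matches(match, pkt):
            return target
    return policy

def with_dns(rules=RULES):
    """Same ruleset with an outbound udp/53 ACCEPT inserted before the final
    OUTPUT DROP (assumed fix; the thread itself does not mention DNS)."""
    fixed = list(rules)
    fixed.insert(len(fixed) - 1, ("OUTPUT", {"proto": "udp", "dport": 53}, "ACCEPT"))
    return fixed

# Constructed sample packets as a client on eth1 would see them
HTTPS_OUT = {"out_iface": "eth1", "proto": "tcp", "dport": 443, "state": "NEW"}
DNS_OUT   = {"out_iface": "eth1", "proto": "udp", "dport": 53, "state": "NEW"}
HTTPS_IN  = {"in_iface": "eth1", "proto": "tcp", "sport": 443, "state": "ESTABLISHED"}
SSH_IN    = {"in_iface": "eth1", "proto": "tcp", "dport": 22, "state": "NEW"}

if __name__ == "__main__":
    for name, chain, pkt in [("https out", "OUTPUT", HTTPS_OUT), ("dns out", "OUTPUT", DNS_OUT),
                             ("https reply in", "INPUT", HTTPS_IN), ("ssh in", "INPUT", SSH_IN)]:
        print(f"{name:15} {verdict(chain, pkt)}  (with dns rule: {verdict(chain, pkt, with_dns())})")
```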