how to only allow tcp on dport 443 on the OUTPUT chain?
Jacob Mansfield
cyberjacob at gmail.com
Wed Mar 9 17:09:03 UTC 2011
Do you want to stop normal HTTP web access and restrict the server to HTTPS
only? If so, you want to change the httpd settings, not iptables. As far as I
can see, these commands would block ALL outgoing traffic on the server,
including some vital services. As for specifics, try this with the settings:
Add this to the relevant section in your httpd.conf:
RewriteEngine on
RewriteRule ^/(.*):SSL$ https://<YOUR_SERVER_URL>/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://<YOUR_SERVER_URL>/$1 [R,L]
Redirect permanent / https://<YOUR_SERVER_URL>/
This automatically redirects HTTP requests to HTTP ones. Then add this to
enable HTTPS:
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
For more information see
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
and
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
Jacob Mansfield
Programmer
CyberKing Solutions™
www.cyberkingsolutions.co.uk - I do know the database is down
"When Windows™ is opened the bugs come in."
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
On 9 March 2011 07:35, erikmccaskey64 <erikmccaskey64 at zoho.com> wrote:
> It's a normal desktop machine's iptables firewall:
>
> If I want to block udp on dport 80 on the output chain, then is this
> enough? I want to only allow tcp on it!
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>
> Or do I need this rule?
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>
> the second one is the good one?
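An added example, not part of the original thread: iptables only accepts `--dport` after `-p tcp` or `-p udp`, so the first form in the question is rejected and the DROP policy is left with no ACCEPT rule behind it. The sketch below builds the TCP-only OUTPUT rule for the port in the subject line; the function names, the `eth0` default for `$PUBIF`, and the extra loopback and DNS accepts are assumptions made here.

```shell
#!/bin/sh
# Added example: OUTPUT rules that allow only TCP to one destination port.
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 runs them (root).
# eth0 is a constructed stand-in for the thread's $PUBIF.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

allow_only_tcp_out() {
    pubif=${1:-} port=${2:-}
    # Refuse anything that is not a plain interface name or a port in 1-65535.
    case $pubif in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $pubif" >&2; return 2;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }

    run iptables -F OUTPUT || return 1
    # Assumption: local services talk over loopback and must keep working.
    run iptables -A OUTPUT -o lo -j ACCEPT || return 1
    # Assumption: the machine resolves names over port 53 (UDP, TCP fallback).
    run iptables -A OUTPUT -o "$pubif" -p udp --dport 53 -j ACCEPT || return 1
    run iptables -A OUTPUT -o "$pubif" -p tcp --dport 53 -j ACCEPT || return 1
    # --dport is only valid after -p tcp (or -p udp); this is the TCP-only rule.
    run iptables -A OUTPUT -o "$pubif" -p tcp --dport "$port" -j ACCEPT || return 1
    # Set the DROP policy last so the ACCEPT rules are in place first.
    run iptables -P OUTPUT DROP
}

# Dry run for the port in the subject line.
allow_only_tcp_out "${PUBIF:-eth0}" 443
```

Review the printed commands first, then rerun as root with `DRY_RUN=0` to apply them.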