<div dir="ltr">Do you want to stop normal HTTP web access and restrict the server to HTTPS only? If so, you want to change the httpd settings, not iptables. As far as I can see, these commands would block ALL outgoing traffic on the server, including some vital services. As for specifics, try this with the settings:<div>
Add this to the relevant section in your httpd.conf:</div><div><span class="Apple-style-span" style="line-height: 14px; "><font class="Apple-style-span" face="'courier new', monospace">RewriteEngine on<br>
RewriteRule ^/(.*):SSL$ https://&lt;YOUR_SERVER_URL&gt;/$1 [R,L]<br></font></span></div><div><font class="Apple-style-span" face="'courier new', monospace"><span class="Apple-style-span" style="line-height: 14px; ">RewriteRule ^/(.*):NOSSL$ http://&lt;YOUR_SERVER_URL&gt;/$1 [R,L]</span></font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"><span class="Apple-style-span" style="line-height: 14px; ">Redirect permanent / https://&lt;YOUR_SERVER_URL&gt;/</span></font></div>
<div><div dir="ltr">This automatically redirects HTTP requests to HTTPS ones. Then add this to enable HTTPS:</div><div dir="ltr"><font class="Apple-style-span" face="'courier new', monospace"><span class="Apple-style-span" style="line-height: 14px; ">SSLProtocol -all +SSLv2<br>
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP</span></font></div><div dir="ltr">For more information see</div>
<div dir="ltr"><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html">http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html</a></div><div dir="ltr">
and</div>
<div dir="ltr"><a href="http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html">http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html</a></div><div dir="ltr">Jacob Mansfield<br>
Programmer<br>CyberKing Solutions™<br><a href="http://www.cyberkingsolutions.co.uk" target="_blank">www.cyberkingsolutions.co.uk</a> - I do know the database is down<br><br>"When Windows™ is opened the bugs come in."<br>
Please avoid sending me Word or PowerPoint attachments.<br>See <a href="http://www.gnu.org/philosophy/no-word-attachments.html" target="_blank">http://www.gnu.org/philosophy/no-word-attachments.html</a><br><br>-----BEGIN GEEK CODE BLOCK-----<br>
Version: 3.1-Jacob1<br>GCM/CS/CC/E/ED/MC/S/AT/! d++(---) s-: a--->? C++++ UL$++(++++)>$ P(+) <br>L$+++(++++)>$ E(?) W+++$ N(?)>+ o k(+/++) w---()>$ O? M(+)>$ V? PS(+) PE Y(+)<br>PGP(+/++) t(+) 5?>+ X+ R(?) tv+ b++(+++) DI(+) D G(++) e-(*) h!-- !r y(--)>+++++$<br>
------END GEEK CODE BLOCK------</div><br>
<br><br><div class="gmail_quote">On 9 March 2011 07:35, erikmccaskey64 <span dir="ltr">&lt;<a href="mailto:erikmccaskey64@zoho.com">erikmccaskey64@zoho.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px"><div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">It's a normal desktop machine's iptables firewall: </span></font></div>
<div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px"><br></span></font></div><div style="font-family:'Times New Roman';font-size:medium">
<font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">If I want to block udp on dport 80 on the output chain, then is this enough? I want to only allow tcp on it!</span></font></div><div style="font-family:'Times New Roman';font-size:medium">
<font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">iptables -P OUTPUT DROP</span></font></div><div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT</span></font></div>
<div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px"><br></span></font></div><div style="font-family:'Times New Roman';font-size:medium">
<font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">Or do I need this rule?</span></font></div><div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">iptables -P OUTPUT DROP</span></font></div>
<div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT</span></font></div>
<div style="font-family:'Times New Roman';font-size:medium"><font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px"><br></span></font></div><div style="font-family:'Times New Roman';font-size:medium">
<font face="Verdana, arial, Helvetica, sans-serif"><span style="font-size:12px">The second one is the good one?</span></font></div></span></font></div><div style="font-family:Verdana, arial, Helvetica, sans-serif;font-size:12px">
</div></div><br>
<br></blockquote></div><br></div></div>
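An added example, not part of either message in the thread: a check for the difference between the two rules in the question (iptables rejects `--dport` when no `-p` protocol is given), plus an egress ruleset in which the default DROP policy already discards UDP to port 80. `PUBIF` is the variable from the question; the `eth0` default and the loopback, conntrack and DNS rules are assumptions about what a desktop needs to keep working.

```shell
#!/bin/sh
# Added example, not from the thread. PUBIF is the name used in the question;
# the eth0 default and the loopback/conntrack/DNS rules are assumptions.
PUBIF="${PUBIF:-eth0}"

# port_match_has_proto ARGS...
# iptables only accepts --dport/--sport after a protocol that has ports has
# been selected with -p (tcp, udp, ...). Returns 0 when the rule either has
# no port match or names a protocol, 1 when a port match has no -p.
port_match_has_proto() {
    has_port=0
    has_proto=0
    for arg in "$@"; do
        case "$arg" in
            --dport|--sport|--destination-port|--source-port) has_port=1 ;;
            -p|--protocol) has_proto=1 ;;
        esac
    done
    [ "$has_port" -eq 0 ] || [ "$has_proto" -eq 1 ]
}

# emit_rules: print (do not run) an OUTPUT ruleset for a desktop.
# With policy DROP, anything not accepted below is discarded, so UDP to
# port 80 is blocked without needing a rule of its own.
emit_rules() {
    cat <<EOF
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $PUBIF -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $PUBIF -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
EOF
}
```

Review the printed commands before applying them as root; `iptables -L OUTPUT -v -n` then shows per-rule packet counters for checking what is matched.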