[KLUG Members] More on the IPChains problem
Adam Williams
members@kalamazoolinux.org
Fri, 7 Jun 2002 14:56:34 -0400 (EDT)
>I played some with lokkit. It does NOT appear to generate
>any rules concerning OUTPUT; only rules for the INPUT chain
FYI: I've never used (or seen) lokkit
There really isn't much reason to much on the OUTPUT chain. The input
chain is the most effective place to "block" traffic.
>seem to be addressed. Moreover, it would seem that the in-
>put chain I posted in the first message is at least as
>restrictive (and perhaps more so) than the "HIGH" level
>option offered on the lokkit panel.
>If someone wants to take the time to read the ruleset and
>provide some insight I would be most grateful.
I'll take a look.
My method (when I get confused) is to -
1. Allow everything
2. Start blocking things until what I want to work STOPS working. Then I
know what to allow. :) This works with some really odd apps that don't
clearly state what they need.
or
Use a packet reader to see what is going on.