some web sites need more than port 80?....
Robert Donovan
tradecraft at ixpres.com
Sun Mar 6 13:03:16 PST 2005
seberino at spawar.navy.mil wrote:
>I locked down my laptop with a firewall script to only
>allow port 80.
>
>I noticed that only the text gets downloaded from ucsd.edu.
>
>It seems that the graphics from ucsd.edu could not get
>through my firewall.
>
>
>Do web sites now send JPEGs in parallel with the text
>on a different port or something?
>
>
>chris
>
>
If we're talking iptables here, did you also allow established and
related connections? In iptables, the rule for an interface would be:
iptables -A INPUT -i [interfacename] -s [allowed_addresses] -p tcp \
    --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED,RELATED \
    -j ACCEPT
If you want to allow anyone to connect on port 80, omit the
-s[interfacename] stipulation.
If you only allow new connections, incoming images, which might come
from a different server but be related to an existing connection, will
be dropped because they won't match a rule allowing just new connections.
Only thing I can think of.
Robert Donovan
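As an added illustration of the state matching the reply describes (this is not code from the post or from the list; it is a toy model written for this page), the script below simulates how iptables classifies packets as NEW or ESTABLISHED and what the quoted rule does and does not let through. It assumes conntrack semantics in their simplest form: the first packet of a flow is NEW, later packets of that flow in either direction are ESTABLISHED, a flow is only remembered once its first packet is accepted, and RELATED (FTP data, ICMP errors) is left out. The addresses, ports and the companion "accept replies" rule are constructed for the example. It also shows something the post only hints at: the quoted rule matches traffic addressed to the laptop's own port 80, so replies to the laptop's browsing, which arrive with source port 80 and a high destination port, need a separate ESTABLISHED,RELATED rule regardless of which server the images come from.

```python
"""Toy model of iptables stateful matching (added example, not from the post).

Assumptions: first packet of a 5-tuple flow is NEW, later packets in either
direction are ESTABLISHED; a flow is remembered only when its first packet
is ACCEPTed; RELATED is not modelled.  Addresses are constructed
documentation addresses (RFC 5737), not real hosts.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PortRange = Tuple[int, int]


@dataclass(frozen=True)
class Packet:
    chain: str    # "INPUT" = arriving at the laptop, "OUTPUT" = leaving it
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    chain: str
    states: FrozenSet[str]             # the -m state --state list
    dport: Optional[PortRange] = None  # --dport, inclusive range; None = any
    sport: Optional[PortRange] = None  # --sport, inclusive range; None = any
    target: str = "ACCEPT"

    def matches(self, p: Packet, state: str) -> bool:
        if p.chain != self.chain or state not in self.states:
            return False
        if self.dport and not (self.dport[0] <= p.dport <= self.dport[1]):
            return False
        if self.sport and not (self.sport[0] <= p.sport <= self.sport[1]):
            return False
        return True


class ConnTracker:
    """Minimal conntrack: remembers accepted flows by 5-tuple (minus protocol)."""

    def __init__(self) -> None:
        self.flows = set()

    def state(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

    def confirm(self, p: Packet) -> None:
        self.flows.add((p.src, p.sport, p.dst, p.dport))


def run_chain(rules: List[Rule], packets: List[Packet], policy: str = "DROP") -> List[str]:
    """First matching rule wins; unmatched packets get the chain policy."""
    ct = ConnTracker()
    verdicts = []
    for p in packets:
        st = ct.state(p)
        verdict = next((r.target for r in rules if r.matches(p, st)), policy)
        if verdict == "ACCEPT" and st == "NEW":
            ct.confirm(p)
        verdicts.append(verdict)
    return verdicts


LAPTOP = "192.0.2.5"
# The rule quoted in the post: connections *to* the laptop's port 80.
PORT80 = Rule("INPUT", frozenset({"NEW", "ESTABLISHED", "RELATED"}),
              dport=(80, 80), sport=(1024, 65535))
# Companion rule (assumption, standard practice): accept replies to
# connections the laptop itself opened, whatever server they come from.
REPLIES = Rule("INPUT", frozenset({"ESTABLISHED", "RELATED"}))
OUT_ANY = Rule("OUTPUT", frozenset({"NEW", "ESTABLISHED", "RELATED"}))


def browsing_session() -> List[Packet]:
    """Constructed traffic: page text from one server, an image from another."""
    return [
        Packet("OUTPUT", LAPTOP, 40001, "198.51.100.10", 80),  # GET the page text
        Packet("INPUT", "198.51.100.10", 80, LAPTOP, 40001),   # reply carrying HTML
        Packet("OUTPUT", LAPTOP, 40002, "198.51.100.20", 80),  # GET image, other server
        Packet("INPUT", "198.51.100.20", 80, LAPTOP, 40002),   # reply carrying JPEG
        Packet("INPUT", "203.0.113.7", 51000, LAPTOP, 22),     # unsolicited probe of ssh
        Packet("INPUT", "203.0.113.7", 51001, LAPTOP, 80),     # someone opening our port 80
    ]


def without_reply_rule() -> List[str]:
    # Only the quoted rule: replies to our own browsing are dropped.
    return run_chain([OUT_ANY, PORT80], browsing_session())


def with_reply_rule() -> List[str]:
    # Add the ESTABLISHED,RELATED rule: replies pass, unsolicited ssh still drops.
    return run_chain([OUT_ANY, REPLIES, PORT80], browsing_session())


if __name__ == "__main__":
    for label, verdicts in (("quoted rule only", without_reply_rule()),
                            ("with reply rule", with_reply_rule())):
        print(label, verdicts)
```

Run it as-is; the two printed lists differ only in the two reply packets, which is exactly the symptom in the original question when the reply rule is missing, while the unsolicited packet to port 22 is dropped under both rule sets.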
More information about the KPLUG-List mailing list