How can i stop everything else than web and dns from my computer with iptables.
I just thought i could use the following:
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -P OUTPUT DROP
But with this i cant surf the web at all...
-george
When you visit some website you open some random high port (>1023) on your side (source port) and connect to the specified port (in general 80/tcp) on the server side (destination port). Your rules only allow outgoing connections whose source port is 80 - that will never ever happen. So go and use '--dport' (destination port) instead of '--sport' (source port). :)
z0ny