Linux Iptables allow LDAPS outgoing client request via firewall

Posted by Vivek Gite [Last updated: August 3, 2005]

Allow outgoing LDAPS (TCP port 636) client requests from the firewall host 202.54.1.20. The first rule permits the host to open the connection; the second accepts only the return traffic of an already established connection, so no new inbound connection can be started from port 636:
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 636 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


Discussion on This Article:

  1. Anonymous Says:

    Can I restrict LDAPS outgoing client request to subnet 192.168.0.0/24? If so please let me know the rule

    Thanks

  2. Timothy Stone Says:

    The rule is nearly identical. iptables should take the network notation you noted:

    iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 192.168.0.0/24 --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT

    You did say an outgoing request right? If you meant the opposite, switch the "-d" argument with the "-s" argument. As a side note, both "-d" and "-s" can be noted in long form with "--destination" or "--source", respectively, making your rule more readable.

    Also, the “-A” parameter “appends” a rule to an existing chain. Be careful you are not appending one rule that does something different from the rule you really want. You could end up with unintended “holes” in your firewall.

    % sudo /sbin/iptables -L

    Will tell you what is currently loaded in your iptables chain.
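The rule pair from the article, parameterised for the subnet question in comment 1 and guarded against the "-A appends another copy" problem raised in comment 2, as an added example that is not part of the original post or its comments. It assumes an iptables new enough to support `-C` (check), and uses the page's own addresses 202.54.1.20 and 192.168.0.0/24 only as sample values.

```shell
#!/bin/sh
# Added example (not from the nixCraft post): build the stateful LDAPS rule pair
# for a client host and a destination network, and append each rule only when
# "iptables -C" reports it missing, so re-running does not stack duplicates.

# Rule spec (everything after "-A CHAIN") for the outgoing LDAPS connection.
ldaps_out_spec() {
    client="$1"; dest="$2"
    printf '%s' "-p tcp --source $client --sport 1024:65535 --destination $dest --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# Rule spec for the return traffic: ESTABLISHED only, never NEW, so a remote
# host cannot open a fresh connection towards the client from source port 636.
ldaps_in_spec() {
    client="$1"; dest="$2"
    printf '%s' "-p tcp --source $dest --sport 636 --destination $client --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT"
}

# Append the rule to CHAIN only if an identical rule is not already present.
# The spec is passed as separate words (word splitting is intended).
add_rule_once() {
    chain="$1"; shift
    if iptables -C "$chain" "$@" 2>/dev/null; then
        echo "already present: $chain $*"
    else
        iptables -A "$chain" "$@"
    fi
}

# Apply both halves for CLIENT talking LDAPS to DEST (host or CIDR network).
apply_ldaps_rules() {
    add_rule_once OUTPUT $(ldaps_out_spec "$1" "$2")
    add_rule_once INPUT  $(ldaps_in_spec "$1" "$2")
}

# Usage (needs root): apply_ldaps_rules 202.54.1.20 192.168.0.0/24
```

Passing `0/0` as the second argument reproduces the article's "any destination" rules; passing a network restricts the client to that LDAPS server range.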

  3. Anonymous Says:

    Thanks for explaining iptables rules. I’m new to Linux and Iptables.


Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.