Allowing outbound traffic with APF/iptables for OpenVZ container

Posted by David on Server Fault See other posts from Server Fault or by David
Published on 2012-09-06T06:10:55Z Indexed on 2012/10/11 15:39 UTC
Read the original article Hit count: 243

I have apf installed on a OpenVZ container (proxmox 2.1). The config is pretty much vanilla and things are working. My external services like ssh and http are working. My problem is that all outbound traffic on http/https is blocked. How do I allow all outbound traffic for http/https.

If I change EGF to 1 like this, all inbound and outbound traffic gets blocked

EGF="1"
EG_TCP_CPORTS="21,25,80,443,43,53"
EG_UDP_CPORTS="20,21,53"
EG_ICMP_TYPES="all"

I opened a single outbound rule with the following

# /usr/local/sbin/apf -a downloads.wordpress.org

How do I allow all outbound traffic on http/https without blocking all traffic? Why would I allow all inbound ssh/http traffic and block all outbound traffic?

© Server Fault or respective owner

Related posts about iptables

Related posts about firewall