Allowing outbound traffic with APF/iptables for OpenVZ container
Posted
by
David
on Server Fault
See other posts from Server Fault
or by David
Published on 2012-09-06T06:10:55Z
Indexed on
2012/10/11
15:39 UTC
Read the original article
Hit count: 243
I have apf installed on a OpenVZ container (proxmox 2.1). The config is pretty much vanilla and things are working. My external services like ssh and http are working. My problem is that all outbound traffic on http/https is blocked. How do I allow all outbound traffic for http/https.
If I change EGF to 1 like this, all inbound and outbound traffic gets blocked
EGF="1"
EG_TCP_CPORTS="21,25,80,443,43,53"
EG_UDP_CPORTS="20,21,53"
EG_ICMP_TYPES="all"
I opened a single outbound rule with the following
# /usr/local/sbin/apf -a downloads.wordpress.org
How do I allow all outbound traffic on http/https without blocking all traffic? Why would I allow all inbound ssh/http traffic and block all outbound traffic?
© Server Fault or respective owner