Hi all
Please help with firewall (ipables)

I setup my firewall:
iptables -P INPUT -j DROP
iptables -P OUTPUT -j DROP
iptables -P FORWARD -j DROP

What rule I must write, to make ktorrent works

I already try some methods
But nothing works, because ktorrent open not only my default port 6881, but some others, and don't want open all output ports

iptables -A INPUT -p tcp --destination-port 6881 -j ACCEPT

Replace 6881 by the port you are using

Why are you dropping everything on the output chain ? For a home user, I fail to see why this is necessary. You do know that ktorrent when it opens a connection, it will pick a random port, so the rule iptables -P OUTPUT -j DROP would prevent every bittorrent connection from getting setup, you can't even announce to trackers.

So...
Without rule iptables -P OUTPUT -j ACCEPT nothing will work?

I just tried this rule:

iptables -P OUTPUT -j DROP

And iptables fails on it, if you want to change the policy of a chain you need to do it like this:

iptables -P OUTPUT DROP

And with that rule in place, you can't setup any outgoing connection.

I understand this
Yes, i'v make a mistake in rule, but on machine i write right rule

So if I block all out going connections, there is no way to make torrent works?

azat wrote:I understand this
Yes, i'v make a mistake in rule, but on machine i write right rule

So if I block all out going connections, there is no way to make torrent works?

Yes, unless of course you add an exception for each port the kernel might choose when setting up the connection, which is IMHO rather pointless.

thanks