iptables rule for yum

Support for security such as Firewalls and securing linux
kemra102
Posts: 3
Joined: 2014/09/30 12:07:22

iptables rule for yum

Post by kemra102 » 2014/09/30 12:10:28

I am using the following rule in iptables:

Code:

-A OUTPUT -p tcp --sport 80 -j ACCEPT -m comment --comment "allow yum to get out to the internet over http"
The default is to DROP in all chains, and there are related/established rules set for both INPUT & OUTPUT. This rule works fine on CentOS 6 & 7 but not on 5. Any ideas why there might be a difference?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables rule for yum

Post by TrevorH » 2014/09/30 13:04:07

I cannot understand how that can possibly work on any version. It says that if a connection originates from port 80 then allow it. I do not believe that yum ever makes connections outbound from port 80. To port 80, yes, from port 80 no.

I suspect it's more likely that you have some other rule that is allowing the traffic. Running iptables -nvL would let you check the packet matching counts on the rules and see if that one has ever been hit.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
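
The counter check suggested in the reply above, as an added example that is not part of the original thread: the function reads `iptables -nvL` output and lists the rules whose packet counter is still zero. The function names and the sample listing are constructed for illustration, and the parser assumes every rule has a target (a `-j` action).

```shell
#!/bin/sh
# Added example, not from the thread: find rules that no packet has ever matched.

# Constructed sample of `iptables -nvL OUTPUT` output (hypothetical counters).
sample_output() {
cat <<'EOF'
Chain OUTPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4821  512K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 /* allow yum to get out to the internet over http */
   37  2220 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
EOF
}

# Read `iptables -nvL` output on stdin and print "CHAIN: target proto match..."
# for every rule whose packet counter is exactly 0.
unused_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember which chain we are in
        $1 == "pkts"  { next }               # skip the column header
        NF == 0       { next }               # skip blank lines between chains
        $1 == "0" {
            # Columns: pkts bytes target prot opt in out source destination,
            # then the match extensions (ports, state, comment) from field 10.
            rule = ""
            for (i = 10; i <= NF; i++) rule = rule " " $i
            print chain ": " $3 " " $4 rule
        }
    '
}

# Stand-alone run on the constructed sample. On a real host (as root):
#   iptables -nvL | unused_rules
sample_output | unused_rules
```

In the constructed listing the `spt:80` rule is the only one reported; a rule matching on `dpt:80` is the form that corresponds to connections made to port 80.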
