Iptables help

Started by
1 comment, last by Ronin Magus 21 years, 5 months ago
I'm trying to set up iptables on this linux machine, and all I want allowed are ftp and www. So I should allow only ports 21 and 80, right? Well why doesn't this work: Before I block any ports, I can ftp in to localhost and I can connect to localhost in a web browser just fine. But after I run these iptables commands:

#iptables -A INPUT -p TCP --sport 0:20 -j DROP
#iptables -A INPUT -p TCP --sport 22:79 -j DROP
#iptables -A INPUT -p TCP --sport 81:65535 -j DROP

I cannot ftp in or connect to localhost in a web browser. I supposedly left ports 21 (ftp) and 80 (www) open, I assume... so why can't I get in? I can FTP in and WWW in up until the point I block ports 81-65535. I also noticed that I can't get anything out. Did I block a network port or something? What am I doing wrong?
Your FTP and HTTP servers might be using higher ports (i.e. 4000-4100) to perform other actions with the client. Check the documentation for your respective servers.



MatrixCubed
http://MatrixCubed.cjb.net

You blocked the wrong end of the connection (sport is 'source' port, not 'server' port). Use --dport instead.
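To make the two answers concrete, here is an added example ruleset (not posted by anyone in this thread) that matches on the destination port and lets the FTP connection-tracking helper handle the high-port data connections. It assumes iptables is on PATH and the script runs as root; the run helper and the DRY_RUN variable are my additions so the rules can be printed without being applied.

```shell
#!/bin/sh
# Added example: an allow-list for ftp (21) and www (80) keyed on --dport.
# The original rules dropped by *source* port, so any client whose ephemeral
# source port fell in 81-65535 (nearly all of them) was dropped on arrival.
# Assumptions: iptables on PATH, run as root. With DRY_RUN=1 (the default)
# the commands are only printed; set DRY_RUN=0 to apply them.

DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit (or apply) the INPUT chain. Rules are evaluated top to bottom; the
# explicit DROP at the end acts as the default-deny for everything unmatched.
build_rules() {
    # Loopback must be allowed, or tests against localhost fail outright.
    run iptables -A INPUT -i lo -j ACCEPT
    # Packets belonging to connections we already accepted, plus FTP data
    # connections that the ip_conntrack_ftp / nf_conntrack_ftp helper marks
    # RELATED. This is what covers the "higher ports" the FTP server uses.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections to the FTP control port and the web server, matched on
    # the *destination* port, which is what --sport got wrong.
    run iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    run iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Everything else inbound is dropped.
    run iptables -A INPUT -j DROP
}

# Self-check helper: how many rules match by destination port.
count_dport_rules() {
    build_rules | grep -c -- '--dport'
}

build_rules
```

Load the FTP helper (modprobe nf_conntrack_ftp, or ip_conntrack_ftp on 2.4 kernels) before applying, or passive-mode data connections will not be marked RELATED.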

