Because the rule
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
with a DROP policy on the OUTPUT chain requires two things which are highly relevant here:
- The connection must already have been established
- The source port must be 80/tcp
Source ports below 1024 are privileged, and generally aren't used for outgoing connections even when the socket-owning process is running as root. You are more likely to see a high source port number going out; well above 30000 seems to be common.
There is also no way to establish a connection, since the only outgoing traffic that is allowed must be related to an already established connection.
Hence, in practice, nothing can match this rule.
Try instead:
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
which should allow any outbound connections to destination TCP port 80 where the traffic is routed through eth0, which is much more in line with what you want.
And then as has been pointed out, don't forget about HTTPS, DNS, ...
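The matching logic described in the answer above, as an added example that is not part of the original answer: a small model of OUTPUT chain evaluation run over the two rules quoted on this page. The names Packet, parse_rule, matches and verdict are hypothetical, the packets and their ephemeral ports are constructed, and SERVER_REPLY assumes a web server on this host whose inbound connection was already let in.

```python
import shlex
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Outgoing TCP packet as the OUTPUT chain sees it (constructed model)."""
    out_iface: str
    sport: int
    dport: int
    state: str  # conntrack state: NEW or ESTABLISHED

def parse_rule(rule: str) -> dict:
    """Pull the match options used on this page out of an `iptables -A` line."""
    opts, tokens = {}, shlex.split(rule)
    for flag, value in zip(tokens, tokens[1:]):
        if flag in ("-o", "-p", "--sport", "--dport", "--state", "-j"):
            opts[flag] = value
    return opts

def matches(opts: dict, pkt: Packet) -> bool:
    """Every option present in the rule must match; absent options match anything."""
    return (opts.get("-p", "tcp") == "tcp"  # this model only covers TCP
            and opts.get("-o", pkt.out_iface) == pkt.out_iface
            and int(opts.get("--sport", pkt.sport)) == pkt.sport
            and int(opts.get("--dport", pkt.dport)) == pkt.dport
            and pkt.state in opts.get("--state", pkt.state).split(","))

def verdict(rules: list, pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        opts = parse_rule(rule)
        if matches(opts, pkt):
            return opts["-j"]
    return policy

ORIGINAL = ["iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT"]
SUGGESTED = ["iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT"]

# Constructed packets: a client's HTTP request, and a local web server's reply.
CLIENT_SYN = Packet("eth0", 45678, 80, "NEW")
CLIENT_DATA = Packet("eth0", 45678, 80, "ESTABLISHED")
SERVER_REPLY = Packet("eth0", 80, 51234, "ESTABLISHED")

if __name__ == "__main__":
    for name, pkt in [("client SYN", CLIENT_SYN), ("client data", CLIENT_DATA),
                      ("server reply", SERVER_REPLY)]:
        print(f"{name:13} original={verdict(ORIGINAL, pkt)} "
              f"suggested={verdict(SUGGESTED, pkt)}")
```

Both client packets fall through to the DROP policy under the original rule because their source port is not 80, while the suggested rule accepts them on destination port alone.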
Best Answer
info date told me that -d option requires input in locale independent format. To get the output in such a format, use:
So the following should work:
It's only a cumbersome example that has a little sense (compare date +%s) but it shows that date accepts its output as an input.
Trivia: To make most commands produce locale independent output, use LANG=C some_command. In the above example LANG=C date should work as well.