Results 1 to 3 of 3
Thread: iptables help
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Jun 2009
#!/bin/bash # Remove all rules and chains iptables -F iptables -X # first set the default behaviour => accept connections iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT # Allow ESTABLISHED and RELATED incoming connection iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow loopback traffic iptables -A INPUT -i lo -j ACCEPT # DROP all forward packets, I don't share this internet connection iptables -A FORWARD -j DROP # Drop all Bittorrent packets going over eth0 iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 6881:6999 -j DROP # Allow all Bittorent traffic going over vpn connection pp0 iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT # End message echo " [iptables rules are set]"
The problem here is that you're attempting to filter traffic the wrong way around. Your packets will be _received_ on 6881:6999 rather than sent. Change OUTPUT to INPUT and see if this works.
Where does eth0 connect?
Where does ppp0 connect?
Because your Policy is set to ACCEPT on all INPUT, OUTPUT and FORWARD the following rules are redundant;
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT
You are thinking sdrawkcabssa!
You should be blocking everything and only allowing in what you want in or out. As to the other posters comment about switching OUTPUT and INPUT it doesn't matter as you are accepting everything anyway.
This TUTORIAL is a starting place and has examples in it.
The adventure of a life time.
Linux User #296285