#1, 08-06-2007, Just Joined! (Join Date: Aug 2007, Posts: 2)
Is it normal for this to happen?
Hi! I have a small question about IPTables that I would really love to know the answer to, since I am trying to understand how to write at least simple rules (not only copying the ones taken from the internet). What happens is this (in my experiments):
I write:
/sbin/iptables -F
/sbin/iptables -Z
/sbin/iptables -X
to temporarily clear the existing rules and have a fresh start, and then I write this:
/sbin/iptables -P INPUT DROP
What I wanted was to block all connection attempts from the internet, so my computer was invisible. What really happens is that ALL MY TRAFFIC is blocked!!
Not only are new connections blocked, but also the existing ones, and my outgoing traffic is completely blocked too! It's as if I had just unplugged my modem! I lose all connectivity with the internet!
What I wanted to know is whether this is normal. Or should only the incoming connections be blocked?
#2, 08-06-2007, Just Joined! (Join Date: Aug 2007, Posts: 33)
/sbin/iptables -F is sufficient to clear all rules. You don't need the other 2 lines.
After that
/sbin/iptables -A INPUT -p icmp -j DROP
will "simply drop the packets" and nobody will know that your machine exists.
The general way to find a machine on the network is to send ping packets, i.e. the ICMP protocol. You block that and nobody knows that your machine exists on the net, although there are other ways to find out. But this will get you going.
#3, 08-06-2007, Just Joined! (Join Date: Aug 2007, Posts: 2)
Well, but why is all traffic blocked? If I do this:
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
Shouldn't all connection attempts from the internet be blocked and connections from the computer to the internet allowed? Why is all traffic blocked (inbound and outbound)?
#4, 08-06-2007, Linux Enthusiast (Join Date: Apr 2004, Location: UK, Posts: 658)
All traffic from your computer is being allowed and all traffic coming back in is blocked. The problem is everything coming in, including responses to your requests, is being dropped.
Code:
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
This will permit incoming traffic as long as it is associated with an established connection. The policies ensure that connections can only be established from your computer.
Let us know how you get on,
Chris...To be good, you must first be bad. "Newbie" is a rank, not a slight.
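The fix post #4 describes, written out as a complete ruleset; this is an added example, not code from the thread or from any poster. It assumes a Linux host with iptables and iptables-restore installed (root is needed only to load the table; generating and checking the text runs unprivileged). `-m conntrack --ctstate` is the newer spelling of the `-m state --state` match used in post #4 and accepts the same state names. Loading the whole table with iptables-restore is deliberate: doing it rule by rule, as in the original experiment, has a window where the INPUT policy is already DROP but the ESTABLISHED rule is not yet present, which is exactly what cuts an SSH session.

```shell
#!/bin/sh
# Added example: minimal stateful INPUT policy for a single host.
# Assumes iptables/iptables-restore are installed; apply_rules needs root.

# Emit the filter table in iptables-restore format. The file is loaded as one
# unit, so the DROP policy and the rule that admits return traffic take effect
# together.
make_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback carries local-only traffic (resolver, local databases, X); keep it.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened. Without this line the SYN-ACKs and
# DNS answers for your own outbound requests are dropped by the policy, which
# is why "policy DROP" alone looked like an unplugged modem in the thread.
# RELATED additionally admits ICMP errors tied to a tracked flow and
# helper-tracked data connections such as passive FTP.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that match no tracked flow at all (bad TCP flags, stray ACKs).
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Sanity check on the generated text before it goes near the kernel:
# an ESTABLISHED accept must exist, and no INPUT DROP rule may precede it.
check_rules() {
    make_rules | awk '
        BEGIN { bad = 0; est = 0 }
        /^-A INPUT .*ESTABLISHED/ { est = NR }
        /^-A INPUT .*-j DROP/ && !est { print "drop rule before ESTABLISHED accept"; bad = 1 }
        END { if (!est) { print "no ESTABLISHED accept rule"; bad = 1 }; exit bad }'
}

# Load (or, with --test, only parse) the ruleset. Run as root.
apply_rules() {
    check_rules || return 1
    make_rules | iptables-restore "$@"
}

# Usage:
#   apply_rules --test   # parse only, no change to the running firewall
#   apply_rules          # replace the filter table atomically
```

When applying this over a remote session, run `apply_rules --test` first, and keep a fallback such as `sleep 120 && iptables -P INPUT ACCEPT` running in a second shell until you have confirmed the session survived. Note that the OUTPUT chain is still wide open here, as post #4 intended; restricting it is a separate exercise.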