11-18-2010 #1 (Just Joined!, Join Date: Nov 2010, Posts: 28)
Need Help Configuring IpTables
Hello.
Rather new to Ubuntu and completely new to this forum.
I was wondering if anyone could offer advice on a basic iptables configuration blocking all incoming/forward and just allowing outgoing to http(s) and dns of course.
Thank you.
Last edited by nxn00b; 11-18-2010 at 07:58 AM. Reason: Title Too General
11-18-2010 #2
11-18-2010 #3 (Just Joined!)
Well I was hoping for a little more insight than that, but still, thanks for the reply. I've read a few resources for the basics of how iptables works, but to be honest, I still don't understand.
As I said though, thanks for your reply.
11-18-2010 #4
You would need some rules that match the packets you want to allow and, as the last rule in the chain, you would block all the rest.
What exactly the rules look like depends on where your firewall is located. For a routing device it could be something like:
Code:
iptables -A INPUT -i $lan -p tcp --dport http -j ACCEPT
iptables -A INPUT -i $lan -p tcp --dport domain -j ACCEPT   # "domain" is the /etc/services name for DNS (port 53); "dns" is not a valid service name
iptables -A INPUT -i $lan -p udp --dport domain -j ACCEPT   # DNS queries normally travel over UDP
iptables -A INPUT -j DROP
For a computer it could be something like:
Code:
iptables -A OUTPUT -o $lan -p tcp --dport http -j ACCEPT    # the OUTPUT chain matches the outgoing interface with -o; -i is rejected here
iptables -A OUTPUT -o $lan -p tcp --dport domain -j ACCEPT
iptables -A OUTPUT -o $lan -p udp --dport domain -j ACCEPT
iptables -A OUTPUT -j DROP
11-19-2010 #5 (Just Joined!)
Would this be ok?
iptables -A OUTPUT -o $lan -p tcp --dport https -j ACCEPT   # -o for the OUTPUT chain; -i only works in INPUT and FORWARD
iptables -A OUTPUT -o $lan -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -o $lan -p tcp --dport domain -j ACCEPT  # "domain" is the service name for DNS port 53
iptables -A OUTPUT -o $lan -p udp --dport domain -j ACCEPT  # most DNS queries go over UDP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
11-19-2010 #6
What is the -P command supposed to do? I know only -I [number] (insert) and -A (append).
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Ignoring the -P command: If you want to ACCEPT only http, https and dns, why do you accept all packets in the OUTPUT chain anyway? And dropping all incoming packets (INPUT DROP) is a bad idea. You should at least accept some.
Just hack the rules into the shell and if it doesn't work, restart the firewall / computer. That should restore the iptables chains to what they were at startup. Once you have found the rules that work, store them in a shell script that is executed during startup and they will be there whenever your computer starts.
And finally, all these things are written plainly here, which is the first link a Google search gives.
Last edited by Kloschüssel; 11-19-2010 at 06:25 AM.
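The following is an added example, not code from any post in this thread. It ties the pieces of the discussion together: `-P` sets a chain's default policy (what happens to a packet no rule matched), so the "block all the rest" from post #4 can be expressed as a DROP policy instead of a trailing `-j DROP` rule, and the "at least accept some" inbound traffic from post #6 is the reply traffic for connections the host itself opened, matched with the conntrack state module. The rule set is emitted in iptables-restore syntax so it can be reviewed before loading and saved to a file that a startup script replays, which is the persistence approach post #6 recommends. Assumptions: iptables with the conntrack match is available, and the LAN interface name is passed as the first argument (defaulting to eth0); the file path /etc/iptables.rules and the if-pre-up.d hook are suggestions, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not code from any post in this thread.
# Builds the host firewall the original poster asked for: INPUT and FORWARD
# default to DROP, OUTPUT defaults to DROP and only web (80/443) and DNS (53)
# may go out, while reply packets for those connections are let back in
# through the conntrack match. Output is iptables-restore syntax so the set
# can be reviewed, loaded atomically and saved for reloading at boot.
# Assumptions: iptables with the conntrack match is installed; the LAN
# interface name is passed as the first argument (default eth0).

build_ruleset() {
    lan="${1:-eth0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback stays open: local resolvers and many daemons depend on it
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened; without this no answer gets back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new outbound connections: web and DNS only (OUTPUT matches -o, never -i)
-A OUTPUT -o $lan -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o $lan -p tcp --dport 443 -j ACCEPT
-A OUTPUT -o $lan -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $lan -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Number of ACCEPT rules in the generated set: a cheap sanity check that the
# template expanded as intended before anything is loaded into the kernel.
count_accepts() {
    build_ruleset "$1" | grep -c -- '-j ACCEPT'
}

# Load the set in one transaction (needs root). iptables-restore replaces the
# whole filter table, so re-running it is safe and never duplicates rules.
apply_ruleset() {
    build_ruleset "$1" | iptables-restore
}

# Persist the set; a startup hook (for example a script placed in
# /etc/network/if-pre-up.d on Debian/Ubuntu) can replay it with
# iptables-restore < /etc/iptables.rules
save_ruleset() {
    build_ruleset "$1" > "${2:-/etc/iptables.rules}"
}
```

Run `build_ruleset eth0` to print the set and inspect it, then `apply_ruleset eth0` as root to load it and `save_ruleset eth0` to write the file a boot hook reloads. Because the policies are DROP, the order of the per-port rules does not matter for correctness, but the conntrack rules are listed first so that the bulk of traffic (established flows) is matched with the least work.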