Never mind. I got it!
## Stateful outbound
iptables -A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
iptables -A FORWARD -o eth1 -m state --state NEW -j ACCEPT

## Stateful inbound
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
It’s starting to make sense now =)
Ryan McAlister
-----Original Message-----
I’m pretty new to iptables and finally got a server forwarding packets a few days ago (with help from this list). After reading a while at http://iptables-tutorial.haringstad.com/iptables-tutorial.html I’m having a bit of trouble understanding how to get outbound connections into the INPUT table on their way back into the firewall. What I want is for all inbound packets to be dropped and have all outbound packets exit the firewall statefully and be allowed back in. Shouldn’t this line let things back in?

## Stateful inbound
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Maybe I’m not getting the packets outbound in the correct manner.
Thanks, Ryan McAlister
Eth1=public Eth0=private
Here’s what I have so far:
## Clean up
iptables -F
iptables -X
iptables -Z

## Drop packets
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

## Nat outbound packets
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 216.29.167.225

## Stateful inbound???
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Allow access to internal interface
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
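The complete rule set the thread converges on, as an added example (not code from either message): a default-drop gateway for eth0 (private) and eth1 (public) in which the ESTABLISHED,RELATED rules are paired with the NEW outbound rules from the follow-up. The ipt wrapper, the DRY_RUN switch, the INVALID/loopback rules and the placeholder public address are this example's own additions.

```shell
#!/bin/sh
# Default-drop stateful NAT gateway in the thread's layout: eth0 = private LAN,
# eth1 = public. Constructed example; the public address is a placeholder.
WAN=eth1
LAN=eth0
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # RFC 5737 documentation address, not a real host
# Apply a rule, or print it when DRY_RUN=1 so the set can be reviewed without root.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

stateful_ruleset() {
    # Flush and zero everything, then fail closed in every chain.
    ipt -F; ipt -t nat -F; ipt -X; ipt -Z
    ipt -P INPUT DROP; ipt -P OUTPUT DROP; ipt -P FORWARD DROP

    # Return traffic for connections this box or the LAN opened. Conntrack only
    # records a connection once its first packet is accepted, so these rules do
    # nothing unless a rule below lets NEW outbound packets through.
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in any connection (stray ACKs, bad sequence).
    ipt -A INPUT -m state --state INVALID -j DROP

    # Loopback and the trusted LAN side, as in the original post.
    ipt -A INPUT  -i lo   -j ACCEPT
    ipt -A OUTPUT -o lo   -j ACCEPT
    ipt -A INPUT  -i $LAN -j ACCEPT
    ipt -A OUTPUT -o $LAN -j ACCEPT

    # The piece the first post lacked: NEW connections may leave via the public
    # interface, from the firewall itself and from LAN hosts being forwarded.
    # Nothing accepts NEW on "-i $WAN", so unsolicited inbound hits the DROP policy.
    ipt -A OUTPUT  -o $WAN -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i $LAN -o $WAN -m state --state NEW -j ACCEPT

    # Hide LAN traffic behind the public address (the post's SNAT rule).
    ipt -t nat -A POSTROUTING -o $WAN -j SNAT --to-source "$PUBLIC_IP"
}

render_ruleset() { ( DRY_RUN=1; stateful_ruleset ); }  # print instead of load; subshell keeps DRY_RUN local

# Number of rules that would accept NEW connections arriving on the public
# interface; a default-deny gateway should report 0.
count_inbound_new_accepts() {
    render_ruleset | grep -c -- "-A INPUT -i $WAN .*--state NEW" || true
}

if [ "${1:-}" = --apply ]; then stateful_ruleset; else render_ruleset; fi   # --apply needs root
```

Run it without arguments to review the generated rules; rule order matters, since the state matches must sit before anything that could drop a reply.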