
RE: iptables usage



> I've been trying to get iptables working so that I can finally have a
> worthwhile client-side non-graphical firewall. So to test it out, I
> typed these two commands:
> 
> # iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> # iptables -A INPUT -j REJECT
> 
> And for some reason I completely lost my connection to port 80, even
> though that command says "Allow all TCP connections to port 80, but
> reject all others".

Is it your intention to only allow incoming connections to port 80?
i.e. you have a web server (apache) set up on your machine, and you
only want to allow incoming connections to that, and to block everything
else?  If so, the above commands look like they should work to me,
assuming the OUTPUT rules are allowing everything (the default).

Or are you trying to only allow web browsing from your computer, and
nothing else?  If so, the above command will not work, since the reply
packets coming back are not directed to port 80, but rather a random
port # above 1024.  If you want something like a personal firewall,
that will allow outgoing connections but not incoming, try something
like:

First flush the chain, and set the default policy to DROP:
# iptables -F INPUT
# iptables -P INPUT DROP

Now, start adding rules to allow incoming packets:
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This will allow the return packets for outgoing connections, but
will drop incoming packets that are trying to make new connections.

Or is this machine acting as a firewall/router for other computers
sitting behind it on a LAN?  If that's the case, you'll need to mess
with the FORWARD rules, not INPUT or OUTPUT.

Hope this helps!
-- Kevin
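The ruleset Kevin describes, written out as a complete script (this is an added example, not code from the thread). It covers both cases discussed above: the "personal firewall" case, where only replies to the machine's own outgoing connections are accepted, and the "I run a web server" case, where new connections to TCP port 80 are additionally allowed. The function names, the optional positional argument, and the LOG rule (rate-limited so a scan cannot flood the log) are my own choices; the `-m state` match is the one used in the thread, and on current kernels `-m conntrack --ctstate` is the equivalent. The generator only prints an iptables-restore file, so it can be run and inspected without root; only apply_personal_firewall actually loads the rules.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list post.
# personal_firewall_rules [ALLOW_WEB]
#   Prints a minimal ruleset in iptables-restore format.
#   Pass "1" as the first argument to also accept new connections to TCP/80.
personal_firewall_rules() {
    allow_web="${1:-0}"

    printf '%s\n' '*filter'
    # Policies: unsolicited input is dropped, nothing is forwarded (this host
    # is not a router), and outgoing traffic is allowed, as in the thread.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'

    # Loopback must be accepted or local services (DNS caches, X, etc.) break.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'

    # Replies to connections this machine opened come back to random high
    # ports; matching on connection state accepts them regardless of port.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

    # Web-server case: allow brand-new connections to port 80 only.
    if [ "$allow_web" = "1" ]; then
        printf '%s\n' '-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT'
    fi

    # Log what the DROP policy is about to discard, at most 5 lines a minute.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "'
    printf '%s\n' 'COMMIT'
}

# Number of -A rules the generator emits (handy for a quick sanity check).
rule_count() {
    personal_firewall_rules "$1" | grep -c '^-A'
}

# Load the ruleset atomically. Needs root; replaces the whole filter table.
apply_personal_firewall() {
    personal_firewall_rules "$1" | iptables-restore
}

# Preview the personal-firewall variant when run directly.
personal_firewall_rules
```

Run it as `sh firewall.sh` to see the generated file, and `sh -c '. ./firewall.sh; apply_personal_firewall 1'` as root to load the web-server variant. Because iptables-restore loads the table in one step, there is no window where the chain is half-built, which is also a safer way to test than typing rules one at a time over an SSH session.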


