Re: questions on iptables
Piperみかこ writes:
>
> sudo /usr/sbin/iptables -F
> sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT # my server public IP
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
>
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
iptables-save > /etc/iptables/rules.v4
ip6tables -F
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
ip6tables -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
ip6tables-save > /etc/iptables/rules.v6
And, look in /etc/iptables to make sure, and reboot; then check for
outbound connections with a browser. (Note how icmp is handled; it is
required.)
John
--
John Conover, conover@panix.com, http://www.johncon.com/
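As an added check that is not part of John's reply or the poster's setup: a bash linter that reads an iptables-save dump (the text written to /etc/iptables/rules.v4) and flags the properties the reply's rule set depends on and the quoted rule set lacks. The two sample dumps and the 192.0.2.10 address are constructed for the example.

```bash
# Lint the INPUT chain of an iptables-save dump (as saved to /etc/iptables/rules.v4)
# for the properties the reply's rule set depends on. Pass the dump text as $1
# (no root needed); prints one finding per line, returns 0 if clean, 1 otherwise.
input_chain() { printf '%s\n' "$1" | grep -E '^-A INPUT '; }
lint_rules() {
  local rules="$1" found=0 catchall est
  # 1. Replies to outbound connections; newer iptables-save writes "-m conntrack --ctstate".
  if ! input_chain "$rules" | grep -Eq -- '--(state|ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT'; then
    echo "no RELATED,ESTABLISHED accept on INPUT: outbound connections get no replies"; found=1
  fi
  # 2. ICMP must be accepted, as the reply notes.
  if ! input_chain "$rules" | grep -Eq -- '-p (icmp|ipv6-icmp) .*-j ACCEPT'; then
    echo "ICMP is not accepted on INPUT"; found=1
  fi
  # 3. Loopback accepted by interface (-i lo), as the reply does.
  if ! input_chain "$rules" | grep -Eq -- '-i lo .*-j ACCEPT'; then
    echo "no '-i lo' accept on INPUT"; found=1
  fi
  # 4. A protocol-independent catch-all: "-p tcp -j DROP" covers only TCP; the rest falls through to the chain policy (ACCEPT).
  catchall=$(input_chain "$rules" | grep -nE '^-A INPUT -j (REJECT|DROP)' | head -n1 | cut -d: -f1)
  if [ -z "$catchall" ]; then
    echo "no protocol-independent REJECT/DROP at the end of INPUT"; found=1
  else
    # 5. Rule order: the ESTABLISHED accept must precede the catch-all.
    est=$(input_chain "$rules" | grep -nE -- '--(state|ctstate) [A-Z,]*ESTABLISHED' | head -n1 | cut -d: -f1)
    if [ -n "$est" ] && [ "$est" -gt "$catchall" ]; then
      echo "RELATED,ESTABLISHED accept sits after the catch-all and never matches"; found=1
    fi
  fi
  return "$found"
}
# Constructed sample dumps for the two rule sets above (iptables-save format);
# 192.0.2.10 stands in for the poster's "xx.xx.xx.xx".
REPLY_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-admin-prohibited
COMMIT'
OP_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -j DROP
COMMIT'
```

Run it against the saved file after the reboot the reply suggests (`lint_rules "$(cat /etc/iptables/rules.v4)"`); an empty output means the state, ICMP, loopback and catch-all rules are all present and in a workable order.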