Allow ssh incoming/outgoing and blocking all outgoing besides specific ports
You might want to add the DNS ports, otherwise you may not be able to resolve any hostnames.
Allowing OUTPUT for TCP and UDP Port 53 should help.
Author: randy newfield, updated on June 17, 2022
Question by randy newfield, almost 2 years ago:
I am trying to create iptables rules that will allow incoming and outgoing SSH connections, and then allow outbound connections to specific ports, then finally drop anything that doesn't match.
These are the rules I have come up with. The SSH rules work, but when I tunnel into the box I can't seem to access HTTP (port 80) even though I've allowed it. Can anyone spot the mistake?
#!/bin/bash

# clear iptables
iptables -F
iptables -X

# set default policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# accept everything no matter the port on localhost
iptables -A INPUT -i lo -j ACCEPT

# allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow input on port 22 (established connections auto accepted)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# allow traffic going to specific outbound ports
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 6667 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 6697 -j ACCEPT
#...

# drop anything that doesn't match the rules above
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
Thanks for your time.
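The question's rule set with the answer's fix applied (OUTPUT allowed on TCP and UDP port 53), as an added example that is not code from either poster. The rules are generated by a function so they can be inspected and checked without root; `--apply`, the loopback OUTPUT rule and the `check_rules` helper are additions of this example.

```shell
#!/bin/bash
# Added example: generate the hardened rule set, check it, apply only on request.
set -eu

# Outbound TCP ports from the question (constructed list; extend as needed).
ALLOWED_OUT_TCP="80 443 6667 6697"

# Print one iptables command per line; nothing is executed here.
generate_rules() {
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Addition: with OUTPUT policy DROP, new connections to 127.0.0.1 need this too.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -j ACCEPT"
    # The fix from the answer: without these, name lookups hit the OUTPUT DROP.
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT"
    for port in $ALLOWED_OUT_TCP; do
        echo "iptables -A OUTPUT -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -j DROP"
    echo "iptables -A OUTPUT -j DROP"
}

# Returns 0 when DNS is allowed on both protocols and no OUTPUT ACCEPT
# is appended after the catch-all OUTPUT DROP (where it could never match).
check_rules() {
    local rules drop_line
    rules=$(generate_rules)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '-A OUTPUT -j DROP' | cut -d: -f1)
    printf '%s\n' "$rules" | grep -q -- '-A OUTPUT -p udp --dport 53 -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '-A OUTPUT -p tcp --dport 53 -j ACCEPT' || return 1
    printf '%s\n' "$rules" | awk -v d="$drop_line" \
        'NR > d && /-A OUTPUT .* -j ACCEPT/ { bad = 1 } END { exit bad }'
}

if [ "${1:-}" = "--apply" ]; then
    check_rules
    generate_rules | while read -r cmd; do $cmd; done   # needs root
else
    generate_rules   # dry run: review the rules first
fi
```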