How to allow only ssh and internet access with iptables?
13,225
Let's start
Delete current rules and chains:
sudo iptables --flush
sudo iptables --delete-chain
Allow loopback:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Drop ICMP:
sudo iptables -A INPUT -p icmp --icmp-type any -j DROP
sudo iptables -A OUTPUT -p icmp -j DROP
Allow established connections:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow SSH:
sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Default policies:
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
Save:
sudo iptables-save
This is it. I think :)
Related videos on Youtube
11 : 14
Iptables LAN access Internet
11 : 09
Computer Networking Tutorial - 40 - iptables Firewall Rules
06 : 28
Linux Firewall: IPTables to Block/Allow Incoming Traffic
01 : 55
How to allow only ssh and internet access with iptables?
03 : 14
Unix & Linux: iptables: How to allow only SSH and VPN traffic? (3 Solutions!!)
Author by
dmx
Updated on September 18, 2022Comments
-
dmx over 1 year
I want to allow only internet access (it is useful for update) and ssh on my server. I found this set of rules:
sudo iptables -P INPUT DROP sudo iptables -P OUTPUT DROP sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -p tcp -m tcp --dport [port number] -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport [port number] -m state --state ESTABLISHED -j ACCEPT sudo service iptables save sudo netfilter-persistent reloadThis is working well but I can't update my system or access internet. Which rules should I add to allow outgoing internet connection?
-
EODCraft Staff about 7 yearsWould using UFW be more efficient? I could find those commands easily. -
2707974 about 7 yearsSSH to server or from server? -
dmx about 7 years@2707974 ssh from outside (any other computer) and allow server to access internet
-
-
user956584 almost 7 yearsTHX THX THX THX