iptables rule to allow access to internet
iptables rules are sequential, meaning the first rule they hit that matches gets executed. Rules like ACCEPT, DROP, and REJECT are terminal, meaning the packet will not proceed further into the chain. -A means append. So what you've done is:
- match everything and REJECT it # everything stops here
- accept tcp port 80 # we never reach this because everything stopped there ^
Unfortunately, tcp port 80 is part of "everything", and thus you never reach your second rule. Flush your INPUT chain with -F and reverse the order in which you run your rules. I also recommend reading Dan Robbins' article on stateful firewall design, which is not just for Gentoo or 2.4 kernels.
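As an added example (not the answer's own code), here is a POSIX shell script that rebuilds the INPUT chain in the order the answer describes: flush first, ACCEPT rules next, the terminal catch-all last. It also adds the stateful ESTABLISHED,RELATED rule that lets replies to your own outgoing connections back in, which is what "access to the internet" actually needs. The IPT variable and the check_order helper are this example's own conventions; set IPT=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# IPT defaults to the real iptables binary; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"

# Rebuild INPUT: flush, accept what we want, then the terminal catch-all.
# Arguments: TCP ports this host should serve, e.g. build_input_chain 22 80
build_input_chain() {
    # Empty the chain so no earlier catch-all shadows the rules appended below.
    "$IPT" -F INPUT
    # Loopback traffic is needed by many local services.
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Stateful rule: replies to connections this host opened (browsing, DNS, ...)
    # are accepted regardless of port. Without this, outgoing traffic gets no answer.
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New inbound connections only to the listed service ports.
    for port in "$@"; do
        "$IPT" -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Terminal catch-all goes LAST: anything not matched above stops here.
    "$IPT" -A INPUT -j REJECT
}

# Sanity check on a newline-separated list of issued commands ($1):
# returns 0 when the final rule is the catch-all and no REJECT/DROP precedes it,
# i.e. when no ACCEPT rule is shadowed the way the question's rules were.
check_order() {
    last=$(printf '%s\n' "$1" | tail -n 1)
    case "$last" in *"-j REJECT"*) ;; *) return 1 ;; esac
    printf '%s\n' "$1" | sed '$d' | grep -qE 'REJECT|DROP' && return 1
    return 0
}
```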
Updated on September 18, 2022

Comments
-
Chankey Pathak over 1 year
I made the default policy of my machine:
iptables -A INPUT -j REJECT #DROP ALL PACKETS TO INPUT CHANNEL
The INPUT channel has been blocked. Now I want to allow only some specific services, e.g. I should be able to access the internet. So what rule should I add? Port 80 is for HTTP, so I tried allowing that port by
iptables -A INPUT -p tcp --dport 80 ACCEPT
But it didn't work. Let me know how I can do this.
-
Chankey Pathak over 12 years
I flushed the rule and after that I put these rules; why doesn't iptables -A INPUT -p tcp --sport 80 -j ACCEPT; iptables -A INPUT -j DROP work?