iptables to allow only ssh and https

linux ssh iptables firewall https
16,329

Do not block all the outbound rule, it will not choose port 443 as a source to get data from other server. And I think blocking inbound rules are pretty enough to ensure your server security. Rest is all Good. You can use below rules if you want.

iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -j DROP
Share:
16,329

Related videos on Youtube

wyr0
Author by

wyr0

Updated on September 18, 2022

Comments

  • wyr0
    wyr0 over 1 year

    I'm trying to configure the iptables on my device in order to allow only SSH and HTTPS traffic. In particular, the HTTPS protocol is used to call some REST API toward a remote server from a java client.

    This is my iptables:

    iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#SSH
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

#DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

#HTTPS
iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

    Everything works as expected, except for HTTPS traffic, which is blocked by iptables.

    What i made wrong?

    • user9517
      user9517 about 8 years
      Blocked in or blocked out? The sport of an outbound connection will almost certainly not be 443.
    • Michael Hampton
      Michael Hampton about 8 years
      Do yourself a favor: 1. Don't write stateless firewalls. 2. If you don't know how to write a firewall from scratch, get a tool to generate it for you.
  • Dylan Knoll
    Dylan Knoll about 8 years
    This line is what you're missing OP: iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I block every connection except vpn and ssh without endangering the state of my vps?
How can I allow ssh connection from an IP subnet on port 10022 using iptables?
Help! My server has been hacked - .IptabLes and .IptabLex in /boot
How to allow only ssh and internet access with iptables?
Block China with iptables
What prevents a machine from responding to pings?
How to Block SSH Brute Force via Iptables and How does it work?
TCP connect: No route to host
Forwarding all incoming traffic on eth0 to go to eth1
How to forward http request to a proxy server?