5 posts in this topic

Posted

I am trying to get to grips with IPTables on CentOS 6.3 and having difficulty understanding why this doesn't work. Basically, this should allow only incoming connections on port 22 (SSH) and both incoming and outgoing on ports 80 and 443.

[CODE]
# default chain policies (set with iptables -P, not -p, which selects a protocol)
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP

#allow all traffic on loopback adapter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# allow incoming ssh connections only
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INOUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# port 80/443 - incoming
-A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT

# port 80/443 - outgoing
-A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 80 -j ACCEPT

# explicit catch-all drops (redundant with the DROP policies above)
-A INPUT -j DROP
-A OUTPUT -j DROP
[/CODE]

Feel free to suggest alternatives but please explain things and not just post the solution.

Thanks


Posted

"-A [b]INOUT[/b] -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT"

What is INOUT?


Posted

[quote name='BudMan' timestamp='1343648485' post='595044961']
"-A [b]INOUT[/b] -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT"

What is INOUT?
[/quote]

A spelling mistake :blush: ! Thanks Budman.


Posted

Happens - so that should fix your 22 inbound.

# port 80/443 - outgoing

Seems to be missing the 443 stuff.


Posted

The problem I had was that I couldn't get out on port 80 from the server, i.e. I couldn't browse the web from there using the rules above, so I didn't put the 443 stuff in till I got the 80 stuff working.

I have since been reading articles etc. and now have a script that builds the iptables config, and it appears to be working as expected; I will post the script later if anyone is interested.

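For reference, the rule-building script below is an added example; it is not the script the last post mentions (which was never posted) and not the ruleset from the first post. It shows the structure the thread is working toward: default DROP policies set as chain policies rather than rules, a single ESTABLISHED,RELATED rule per direction instead of one --sport ESTABLISHED rule per port, and NEW-only rules for the ports being opened, so a misspelled chain name or a missing return-path rule cannot silently break one service. It assumes the public interface is eth0 as in the thread (overridable via IFACE) and adds outbound DNS on port 53, which the original rules lack and which a server needs to browse by hostname; that addition is mine, not something the thread identifies as the cause of the problem. It emits iptables-restore syntax and checks the text before anything is loaded.

```shell
#!/bin/sh
# Builds an iptables-restore ruleset for the policy described in the thread:
# inbound SSH only, inbound + outbound HTTP/HTTPS, everything else dropped.
# Assumptions (not from the thread): the public interface is eth0, and the
# host needs outbound DNS to resolve hostnames when browsing.
IFACE="${IFACE:-eth0}"

build_rules() {
    cat <<EOF
*filter
# Default policies: drop anything the rules below do not accept.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Loopback is unrestricted.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# One stateful rule per direction replaces the per-port --sport ESTABLISHED
# rules: replies to any accepted connection are allowed automatically.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop packets that claim to belong to a connection iptables never saw.
-A INPUT -m state --state INVALID -j DROP

# Inbound: new SSH and HTTP/HTTPS connections on the public interface.
-A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT

# Outbound: new HTTP/HTTPS connections, plus DNS so hostnames resolve.
-A OUTPUT -o $IFACE -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o $IFACE -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $IFACE -p tcp --dport 53 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Sanity checks on the generated text, so a typo such as a misspelled chain
# name is caught before the ruleset is ever loaded into the kernel.
check_rules() {
    rules="$(build_rules)"
    # Every -A line must reference one of the three built-in filter chains.
    bad=$(printf '%s\n' "$rules" | grep '^-A' | grep -c -v -E '^-A (INPUT|OUTPUT|FORWARD) ')
    [ "$bad" -eq 0 ] || { echo "unknown chain name in ruleset" >&2; return 1; }
    # All three policies must be DROP and the table must end with COMMIT.
    for chain in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$rules" | grep -q "^:$chain DROP" || return 1
    done
    printf '%s\n' "$rules" | tail -n 1 | grep -q '^COMMIT$' || return 1
    return 0
}

# Count the rules in a chain that accept NEW connections; a quick way to
# review exactly what the ruleset opens up in each direction.
count_new_accepts() {
    build_rules | grep "^-A $1 " | grep -- '--state NEW' | grep -c -- '-j ACCEPT'
}

# Usage: ./fw.sh > rules.v4   then load (as root) with: iptables-restore < rules.v4
# Set APPLY=1 to load the ruleset directly instead of printing it.
if [ "${APPLY:-0}" = "1" ]; then
    check_rules && build_rules | iptables-restore
else
    check_rules && build_rules
fi
```

Loading with iptables-restore replaces the whole filter table atomically, so a half-applied ruleset never locks you out mid-way; keep an SSH session open while testing and confirm with `iptables -L -v -n` that the ESTABLISHED,RELATED counters increase when you browse from the server.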
