IP Tables - Why doesn't this work?



I am trying to get to grips with IPTables on CentOS 6.3 and am having difficulty understanding why this doesn't work. Basically, this should allow incoming-only connections on Port 22 (SSH) and both incoming and outgoing on Ports 80 and 443.


[CODE]
-p INPUT DROP
-p OUTPUT DROP
-p FORWARD DROP

#allow all traffic on loopback adapter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# allow incoming ssh connections only
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INOUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# port 80/443 - incoming
-A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT

# port 80/443 - outgoing
-A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 80 -j ACCEPT

-A INPUT -j DROP
-A OUTPUT -j DROP
[/CODE]

Feel free to suggest alternatives but please explain things and not just post the solution.

Thanks


The problem I had was that I couldn't get out on port 80 from the server, i.e. I couldn't browse the web from there using the rules above, so I didn't put the 443 stuff in till I got the 80 stuff working.

I have since been reading articles etc. and now have a script that builds the iptables config, and it appears to be working as expected. I will post the script later if anyone is interested.
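An added example, not part of the original posts: a small Python lint run over a subset of the rules as posted, reporting a lowercase `-p` used where a policy was meant, a misspelled chain, an INPUT rule that accepts on source port alone, and a default-drop OUTPUT chain with no rule for port 53. The names `opt`, `audit` and `POSTED` are the example's own, and it assumes only the built-in filter chains are in use.

```python
import shlex

BUILTIN = {"INPUT", "OUTPUT", "FORWARD"}  # assumption: no user-defined chains

# Subset of the rules from the first post, copied as posted.
POSTED = """\
-p OUTPUT DROP
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INOUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 80 -j ACCEPT
-A OUTPUT -j DROP
"""

def opt(tok, *flags):
    """Value following the first of `flags` present in tok, else None."""
    for f in flags:
        if f in tok[:-1]:
            return tok[tok.index(f) + 1]
    return None

def audit(ruleset):
    """Return (line_no, finding) pairs; line_no 0 is a whole-ruleset finding."""
    out, dns_allowed, output_drops = [], False, False
    for n, line in enumerate(ruleset.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if len(tok) < 3:
            continue
        flag, chain, target = tok[0], tok[1], opt(tok, "-j")
        if flag == "-p" and chain in BUILTIN:
            out.append((n, "-p selects a protocol; a chain policy needs -P"))
            continue
        if chain not in BUILTIN:
            out.append((n, f"unknown chain {chain}"))
            continue
        dports = (opt(tok, "--dport", "--dports") or "").split(",")
        if chain == "OUTPUT":
            dns_allowed |= target == "ACCEPT" and "53" in dports
            output_drops |= (flag == "-P" and tok[2] == "DROP") or tok[2:] == ["-j", "DROP"]
        if (chain == "INPUT" and target == "ACCEPT" and opt(tok, "--sport", "--sports")
                and dports == [""] and not {"--state", "--ctstate"} & set(tok)):
            out.append((n, "ACCEPT on source port alone, no state match: "
                           "not limited to replies to this host's own requests"))
    if output_drops and not dns_allowed:
        out.append((0, "OUTPUT default-drops and no rule allows port 53 (DNS)"))
    return out

if __name__ == "__main__":
    print(*audit(POSTED), sep="\n")
```

The source-port finding is a security issue as well as a functional one: that rule accepts inbound TCP to any local port whenever the sender's source port is 80. Adding `-m state --state ESTABLISHED` to it limits the match to replies.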
