these INPUT and OUTPUT rules blocking more than desired....
seberino at spawar.navy.mil
Tue Mar 1 02:43:08 CET 2005
The snippet below was intended to *ONLY* allow the types of traffic that
I desired in and out of my PC. For example, I tried to only allow DNS, SSH
and HTTP.
These services don't work. It seems like they need more than /one/
port opened. Or, they need something else I'm forgetting.
Any help would be greatly appreciated.....
# INPUT
# Replies and related packets for connections conntrack already knows about.
$IPTABLES -t filter -A INPUT \
    -i $INTERNET_INTERFACE \
    -d $INTERNET_ADDRESS \
    -m state --state ESTABLISHED,RELATED \
    -j ACCEPT
# Whitelisted inbound TCP services (e.g. SSH).
for PORT in $OPEN_INCOMING_TCP_PORTS; do
    $IPTABLES -t filter -A INPUT \
        -i $INTERNET_INTERFACE \
        -d $INTERNET_ADDRESS \
        -p tcp --dport $PORT \
        -j ACCEPT
done
# Whitelisted inbound UDP services.
for PORT in $OPEN_INCOMING_UDP_PORTS; do
    $IPTABLES -t filter -A INPUT \
        -i $INTERNET_INTERFACE \
        -d $INTERNET_ADDRESS \
        -p udp --dport $PORT \
        -j ACCEPT
done
# OUTPUT
# Our side of connections conntrack already knows about.
$IPTABLES -t filter -A OUTPUT \
    -o $INTERNET_INTERFACE \
    -s $INTERNET_ADDRESS \
    -m state --state ESTABLISHED,RELATED \
    -j ACCEPT
# Whitelisted outbound TCP destinations (e.g. HTTP, DNS over TCP).
for PORT in $OPEN_OUTGOING_TCP_PORTS; do
    $IPTABLES -t filter -A OUTPUT \
        -o $INTERNET_INTERFACE \
        -s $INTERNET_ADDRESS \
        -p tcp --dport $PORT \
        -j ACCEPT
done
# Whitelisted outbound UDP destinations (e.g. DNS queries).
for PORT in $OPEN_OUTGOING_UDP_PORTS; do
    $IPTABLES -t filter -A OUTPUT \
        -o $INTERNET_INTERFACE \
        -s $INTERNET_ADDRESS \
        -p udp --dport $PORT \
        -j ACCEPT
done
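The following script is an added example, not the poster's script. It rebuilds the same whitelist as the snippet above and makes explicit the parts the snippet does not show and that are worth checking first when such a policy blocks more than intended: the default policies of the chains, an unconditional accept on the loopback interface (a local resolver or any daemon talked to over 127.0.0.1 is not covered by rules bound to the Internet interface), and whether connection tracking is actually available, since every ESTABLISHED,RELATED rule depends on it. The interface name eth0, the address 192.0.2.10 and the port lists are constructed defaults, and the whitelist rules are restricted to state NEW (a choice of this example) so that only the conntrack rule admits packets of existing connections. With IPTABLES left unset it prints the rules instead of applying them; set IPTABLES=iptables to apply them for real.

```shell
#!/bin/sh
# Added example: whitelist policy generator with the pieces the original
# snippet leaves implicit. Dry run by default (prints the commands).
IPTABLES="${IPTABLES:-echo iptables}"                       # dry run unless overridden
INTERNET_INTERFACE="${INTERNET_INTERFACE:-eth0}"            # assumed interface name
INTERNET_ADDRESS="${INTERNET_ADDRESS:-192.0.2.10}"          # constructed example address
OPEN_INCOMING_TCP_PORTS="${OPEN_INCOMING_TCP_PORTS:-22}"    # SSH in
OPEN_INCOMING_UDP_PORTS="${OPEN_INCOMING_UDP_PORTS:-}"      # nothing in over UDP
OPEN_OUTGOING_TCP_PORTS="${OPEN_OUTGOING_TCP_PORTS:-53 80}" # DNS over TCP, HTTP
OPEN_OUTGOING_UDP_PORTS="${OPEN_OUTGOING_UDP_PORTS:-53}"    # DNS queries

# One rule per whitelisted port.
# $1=chain  $2=interface flag (-i/-o)  $3=address flag (-d/-s)  $4=protocol  $5..=ports
# Only NEW packets match here; later packets of the flow are admitted by the
# ESTABLISHED,RELATED rule, and anything else falls through to the DROP policy.
whitelist_ports() {
    chain=$1; ifflag=$2; addrflag=$3; proto=$4; shift 4
    for PORT in "$@"; do
        $IPTABLES -t filter -A "$chain" $ifflag "$INTERNET_INTERFACE" \
            $addrflag "$INTERNET_ADDRESS" -p "$proto" --dport "$PORT" \
            -m state --state NEW -j ACCEPT
    done
}

emit_policy() {
    # Default-deny on every chain; the snippet above does not show its policies.
    $IPTABLES -t filter -P INPUT DROP
    $IPTABLES -t filter -P OUTPUT DROP
    $IPTABLES -t filter -P FORWARD DROP
    # Loopback is not the Internet interface, so none of the rules below admit
    # it; local resolvers and many daemons need it.
    $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
    $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT
    # Packets of connections conntrack already knows: replies to our DNS
    # queries, the rest of an SSH session, RELATED helper connections.
    $IPTABLES -t filter -A INPUT -i "$INTERNET_INTERFACE" -d "$INTERNET_ADDRESS" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t filter -A OUTPUT -o "$INTERNET_INTERFACE" -s "$INTERNET_ADDRESS" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The four whitelists from the original snippet.
    whitelist_ports INPUT  -i -d tcp $OPEN_INCOMING_TCP_PORTS
    whitelist_ports INPUT  -i -d udp $OPEN_INCOMING_UDP_PORTS
    whitelist_ports OUTPUT -o -s tcp $OPEN_OUTGOING_TCP_PORTS
    whitelist_ports OUTPUT -o -s udp $OPEN_OUTGOING_UDP_PORTS
}

# Checks that can be run against the dry-run output before applying anything.
rule_count()   { emit_policy | grep -c -- ' -A '; }
has_loopback() { emit_policy | grep -q -- '-A INPUT -i lo'; }

# -m state does nothing useful unless the connection-tracking module is loaded;
# the proc file name depends on the kernel generation.
conntrack_available() {
    [ -r /proc/net/nf_conntrack ] || [ -r /proc/net/ip_conntrack ]
}

emit_policy
```

Run it once without IPTABLES set and read the printed rule list; once the list is what you expect (rule_count prints 8 with the defaults above, and has_loopback succeeds), rerun with IPTABLES=iptables as root. conntrack_available is a host check and only means something on the machine where the rules are applied.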