How to allow only ssh and internet access with iptables?

dmx

I want to allow only internet access (it is useful for updates) and ssh on my server. I found this set of rules:

  sudo iptables -P INPUT DROP
  sudo iptables -P OUTPUT DROP
  sudo iptables -A INPUT -i lo -j ACCEPT
  sudo iptables -A INPUT -p tcp -m tcp --dport [port number] -j ACCEPT
  sudo iptables -A OUTPUT -o lo -j ACCEPT
  sudo iptables -A OUTPUT -p tcp --sport [port number] -m state --state ESTABLISHED -j ACCEPT
  sudo service iptables save
  sudo netfilter-persistent reload

This is working well but I can't update my system or access the internet. Which rules should I add to allow outgoing internet connections?

2707974

Let's start

Delete current rules and chains

sudo iptables --flush
sudo iptables --delete-chain

allow loopback

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

drop ICMP

sudo iptables -A INPUT -p icmp --icmp-type any -j DROP
sudo iptables -A OUTPUT -p icmp -j DROP

allow established connections

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

allow SSH

sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

default policies

sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT

Save

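# iptables-save on its own only prints the rules to stdout;
# netfilter-persistent (already used in the question) writes them to disk
sudo netfilter-persistent save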

This is it. I think :)
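An added example, not part of the answer above or of the asker's script: it keeps the asker's `OUTPUT DROP` policy and opens only DNS and HTTP/HTTPS outbound for updates plus inbound SSH, loaded in one `iptables-restore` commit so there is no window in which a DROP policy is active without the SSH rule. Assumptions: updates use TCP 80/443 and DNS on port 53; `gen_rules`, `apply_rules` and the `APPLY` variable are hypothetical names; `-m conntrack --ctstate` stands in for the `-m state` match used on the page.

```shell
#!/bin/sh
# Added example: restrictive egress ruleset in iptables-restore format.

# gen_rules [SSH_PORT] -> prints the ruleset on stdout (default port 22).
gen_rules() {
    port=${1:-22}
    # Accept 1-5 digits only, so nothing but a number can reach a rule.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# apply_rules [SSH_PORT]: parse-check with --test, then load atomically.
apply_rules() {
    rules=$(gen_rules "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Nothing is applied unless explicitly requested, e.g. as root:
#   APPLY=1 sh this-script.sh 22
if [ "${APPLY:-0}" = 1 ]; then apply_rules "${1:-22}"; fi
```

The ESTABLISHED,RELATED rule on OUTPUT is what lets SSH replies leave the host, which the asker's original set handled with a per-port `--sport` rule.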
