Iptables help please.

Alexey Fadyushin fab at s-tunnel.com
Tue Jun 28 18:31:54 UTC 2005


Waldher, Travis R wrote:
> Is there any way I can configure iptables to block all outbound traffic,
> but allow inbound?
> 
> Here's the deal, I want people to be able to (for example) telnet/ssh
> in, but I don't want them to be able to telnet/ssh back out. I would
> prefer to do this with iptables.
> 
> Basically, I want the roach motel... I want the users to be able to get
> in, but I don't want them getting back out. lol
> 
> Thanks.

I think that the following configuration will help (I assume that the 
tables INPUT and OUTPUT are flushed before inserting these rules):

iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -j REJECT

The first rule will allow all incoming packets, the second and third 
ones will allow outgoing packets which are transmitted in reply to already 
received incoming packets (as part of an information exchange initiated 
from outside), and the fourth rule will block all other outgoing packets 
(i.e. those which are not sent in reply to incoming traffic).

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com
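As an added example (not part of Alexey's reply and not netfilter code), this small Python model replays the four rules above over constructed packets to show why the replies of an inbound SSH session pass OUTPUT while a fresh outbound connection is rejected. The addresses, ports and the toy flow table are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" traverses INPUT, "out" traverses OUTPUT
    proto: str      # "tcp", "udp" or "icmp"
    src: tuple      # (address, port); constructed sample values below
    dst: tuple

class ConnTracker:
    def __init__(self):
        self.flows = set()   # toy flow table standing in for the state match

    def state(self, pkt):
        # A packet matching a tracked flow in either direction is ESTABLISHED.
        fwd, rev = (pkt.proto, pkt.src, pkt.dst), (pkt.proto, pkt.dst, pkt.src)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

    def record(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.dst))

def filter_packet(tracker, pkt):
    """Evaluate the four rules from the post against one packet."""
    if pkt.direction == "in":
        verdict = "ACCEPT"      # iptables -A INPUT -j ACCEPT
    elif pkt.proto in ("tcp", "udp") and tracker.state(pkt) == "ESTABLISHED":
        verdict = "ACCEPT"      # rules 2 and 3: -m state --state ESTABLISHED
    else:
        verdict = "REJECT"      # iptables -A OUTPUT -j REJECT
    if verdict == "ACCEPT":
        tracker.record(pkt)     # accepted traffic creates/keeps the flow entry
    return verdict

def run_scenario(packets):
    """Verdict for each packet in order, starting from an empty flow table."""
    tracker = ConnTracker()
    return [filter_packet(tracker, p) for p in packets]

HOST, REMOTE = "192.0.2.10", "198.51.100.7"   # constructed addresses
# Remote user logs in: INPUT accepts the NEW SYN; our reply is ESTABLISHED.
INBOUND_SSH = [Packet("in", "tcp", (REMOTE, 40000), (HOST, 22)),
               Packet("out", "tcp", (HOST, 22), (REMOTE, 40000))]
# The same user trying to ssh back out: the first packet is NEW on OUTPUT.
OUTBOUND_SSH = [Packet("out", "tcp", (HOST, 51000), (REMOTE, 22))]
# Inbound DNS query and our UDP answer pass; an outbound ICMP error about the
# same flow is rejected because rules 2 and 3 match only tcp and udp.
UDP_THEN_ICMP = [Packet("in", "udp", (REMOTE, 5353), (HOST, 53)),
                 Packet("out", "udp", (HOST, 53), (REMOTE, 5353)),
                 Packet("out", "icmp", (HOST, 0), (REMOTE, 0))]
```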
