Iptables help please.
fab at s-tunnel.com
Tue Jun 28 18:31:54 UTC 2005
Waldher, Travis R wrote:
> Is there any way I can configure iptables to block all outbound traffic,
> but allow inbound?
> Here's the deal, I want people to be able to (for example) telnet/ssh
> in, but I don't want them to be able to telnet/ssh back out. I would
> prefer to do this with iptables.
> Basically, I want the roach motel... I want the users to be able to get
> in, but I don't want them getting back out. lol
I think that the following configuration will help (I assume that the
tables INPUT and OUTPUT are flushed before inserting these rules):
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -j REJECT
The first rule will allow all incoming packets, the second and third
ones will allow outgoing packets which are transmitted in reply to already
received incoming packets (as part of an information exchange initiated
from outside), and the fourth rule will block all other outgoing packets
(i.e. those which are not sent in reply to incoming traffic).
Brainbench MVP for Linux.
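The rule set in the reply above, as an added illustrative simulation (not code from the original post), with constructed packets: it models the state match with a simple flow table, so you can see that inbound sessions and their replies pass while a new outbound connection hits the final REJECT.

```python
# Added example: a small model of how the "roach motel" rules in the reply
# (INPUT accept-all; OUTPUT accept only ESTABLISHED/RELATED, REJECT the rest)
# behave under connection tracking. Teaching simulation with constructed
# packets, not the kernel's conntrack; RELATED (helper-tracked flows such as
# FTP data channels) is not modelled here.
from collections import namedtuple

# direction: "in" = arriving at the host (INPUT), "out" = leaving it (OUTPUT)
Packet = namedtuple("Packet", "proto src dst direction")

def flow_key(p):
    # same key for both directions of a flow, as conntrack does
    return (p.proto, *sorted((p.src, p.dst)))

def state_of(p, flows):
    # "-m state": NEW if no tracked flow yet, ESTABLISHED otherwise
    return "ESTABLISHED" if flow_key(p) in flows else "NEW"

def output_chain(p, flows):
    st = state_of(p, flows)
    if p.proto == "tcp" and st in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"          # -p tcp -m state --state ESTABLISHED,RELATED
    if p.proto == "udp" and st == "ESTABLISHED":
        return "ACCEPT"          # -p udp -m state --state ESTABLISHED
    return "REJECT"              # final catch-all rule

def filter_packet(p, flows):
    # INPUT chain is a single ACCEPT; OUTPUT is the three-rule chain above
    verdict = "ACCEPT" if p.direction == "in" else output_chain(p, flows)
    if verdict == "ACCEPT":
        flows.add(flow_key(p))   # accepted packets create/confirm the flow
    return verdict

def run(trace):
    flows = set()
    return [filter_packet(p, flows) for p in trace]

# constructed trace (documentation addresses): inbound ssh session and reply,
# then an outbound ssh attempt, then an inbound UDP query and its reply
TRACE = [
    Packet("tcp", "203.0.113.5:40000", "192.0.2.10:22", "in"),
    Packet("tcp", "192.0.2.10:22", "203.0.113.5:40000", "out"),
    Packet("tcp", "192.0.2.10:50000", "198.51.100.7:22", "out"),
    Packet("udp", "203.0.113.5:5353", "192.0.2.10:53", "in"),
    Packet("udp", "192.0.2.10:53", "203.0.113.5:5353", "out"),
]

if __name__ == "__main__":
    for p, v in zip(TRACE, run(TRACE)):
        print(f"{p.direction:>3} {p.proto} {p.src} -> {p.dst}: {v}")
```

Note that the same logic also rejects the host's own outbound DNS queries, since they are NEW outbound UDP flows; that is consistent with the policy asked for, but worth knowing before deploying it.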