IPtables configuration

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

First, i'm sorry for my english, not my first language.

I was wondering about IPtables. I read a lot of articles and posts about it, and thought i understood it at least a bit.

I spent hours trying every combinations of rules... And yet, i'm starting to think that only the established rules allow me to go on internet. when i delete those rules, nothing is allowed...

What did i do wrong ?

Thanks in advance !

  #!/bin/bash

  #iptables-restore < /etc/iptables.test.rules



  iptables -F

  iptables -X

  iptables -t nat -F

  iptables -t nat -X

  iptables -t mangle -F

  iptables -t mangle -X

  iptables -P INPUT DROP

  iptables -P FORWARD DROP

  iptables -P OUTPUT DROP 



  ## On drop les scans XMAS et NULL.

  iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

  iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP



  # Dropper silencieusement tous les paquets broadcastés.

  iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP



  # Droping all invalid packets

  iptables -A INPUT -m state --state INVALID -j DROP

  iptables -A FORWARD -m state --state INVALID -j DROP

  iptables -A OUTPUT -m state --state INVALID -j DROP



  # Autorise les connexions déjà établies et localhost              

  iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT      

  iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT     

  iptables -A INPUT -i lo -j ACCEPT                             

  #iptables -A OUTPUT -o lo -j ACCEPT



  # Autorise uniquement les processus de l'utilisateur tor à établir des 

  connexions

  #iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPT



  #TOR

  #iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT

  iptables -A OUTPUT -p tcp -m tcp --dport 9050 -j ACCEPT



  # ICMP (Ping)                                     

  iptables -A INPUT -p icmp -j DROP                     

  iptables -A OUTPUT -p icmp -j DROP



  # SSH                                         

  iptables -A INPUT -p tcp --dport 666 -j DROP              

  iptables -A OUTPUT -p tcp --dport 666 -j DROP



  # DNS                                         

  iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT                    

  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p tcp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p udp --dport 53 -j ACCEPT 



  # HTTP                                            

  iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT                

  #iptables -A INPUT -p tcp --dport 80 -j ACCEPT    



  #HTTPS

  iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT                   

  #iptables -A INPUT -p tcp --dport 443 -j ACCEPT   



  # FTP 

  #iptables -A OUTPUT -p tcp --dport 20:21 -j DROP

  #iptables -A INPUT -p tcp --dport 20:21 -j DROP



  # Mail SMTP 

  #iptables -A INPUT -p tcp --dport 25 -j DROP

  iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT  

  #iptables -A INPUT -p tcp --dport 587 -j DROP

  #iptables -A OUTPUT -p tcp --dport 587 -j DROP



#Transmission

iptables -A INPUT -m state --state ESTABLISHED -p udp --dport 51413 -j  

ACCEPT

iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT



  # Mail POP3

  #iptables -A INPUT -p tcp --dport 110 -j DROP

  #iptables -A OUTPUT -p tcp --dport 110 -j DROP 



  # Mail IMAP

  #iptables -A INPUT -p tcp --dport 143 -j DROP 

  #iptables -A OUTPUT -p tcp --dport 143 -j DROP 



  # NTP (horloge du serveur) 

  iptables -A OUTPUT -p udp --dport 123 -j ACCEPT   



  # On log les paquets en entrée.

  iptables -A INPUT -j LOG



# On log les paquets en sortie.

iptables -A OUTPUT -j LOG



  # On log les paquets forward.

  iptables -A FORWARD -j LOG                



  exit 0

asked 3 mins ago

redraven

New contributor

add a comment |

First, i'm sorry for my english, not my first language.

I was wondering about IPtables. I read a lot of articles and posts about it, and thought i understood it at least a bit.

I spent hours trying every combinations of rules... And yet, i'm starting to think that only the established rules allow me to go on internet. when i delete those rules, nothing is allowed...

What did i do wrong ?

Thanks in advance !

  #!/bin/bash

  #iptables-restore < /etc/iptables.test.rules



  iptables -F

  iptables -X

  iptables -t nat -F

  iptables -t nat -X

  iptables -t mangle -F

  iptables -t mangle -X

  iptables -P INPUT DROP

  iptables -P FORWARD DROP

  iptables -P OUTPUT DROP 



  ## On drop les scans XMAS et NULL.

  iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

  iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP



  # Dropper silencieusement tous les paquets broadcastés.

  iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP



  # Droping all invalid packets

  iptables -A INPUT -m state --state INVALID -j DROP

  iptables -A FORWARD -m state --state INVALID -j DROP

  iptables -A OUTPUT -m state --state INVALID -j DROP



  # Autorise les connexions déjà établies et localhost              

  iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT      

  iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT     

  iptables -A INPUT -i lo -j ACCEPT                             

  #iptables -A OUTPUT -o lo -j ACCEPT



  # Autorise uniquement les processus de l'utilisateur tor à établir des 

  connexions

  #iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPT



  #TOR

  #iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT

  iptables -A OUTPUT -p tcp -m tcp --dport 9050 -j ACCEPT



  # ICMP (Ping)                                     

  iptables -A INPUT -p icmp -j DROP                     

  iptables -A OUTPUT -p icmp -j DROP



  # SSH                                         

  iptables -A INPUT -p tcp --dport 666 -j DROP              

  iptables -A OUTPUT -p tcp --dport 666 -j DROP



  # DNS                                         

  iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT                    

  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p tcp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p udp --dport 53 -j ACCEPT 



  # HTTP                                            

  iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT                

  #iptables -A INPUT -p tcp --dport 80 -j ACCEPT    



  #HTTPS

  iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT                   

  #iptables -A INPUT -p tcp --dport 443 -j ACCEPT   



  # FTP 

  #iptables -A OUTPUT -p tcp --dport 20:21 -j DROP

  #iptables -A INPUT -p tcp --dport 20:21 -j DROP



  # Mail SMTP 

  #iptables -A INPUT -p tcp --dport 25 -j DROP

  iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT  

  #iptables -A INPUT -p tcp --dport 587 -j DROP

  #iptables -A OUTPUT -p tcp --dport 587 -j DROP



#Transmission

iptables -A INPUT -m state --state ESTABLISHED -p udp --dport 51413 -j  

ACCEPT

iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT



  # Mail POP3

  #iptables -A INPUT -p tcp --dport 110 -j DROP

  #iptables -A OUTPUT -p tcp --dport 110 -j DROP 



  # Mail IMAP

  #iptables -A INPUT -p tcp --dport 143 -j DROP 

  #iptables -A OUTPUT -p tcp --dport 143 -j DROP 



  # NTP (horloge du serveur) 

  iptables -A OUTPUT -p udp --dport 123 -j ACCEPT   



  # On log les paquets en entrée.

  iptables -A INPUT -j LOG



# On log les paquets en sortie.

iptables -A OUTPUT -j LOG



  # On log les paquets forward.

  iptables -A FORWARD -j LOG                



  exit 0

asked 3 mins ago

redraven

New contributor

add a comment |

First, i'm sorry for my english, not my first language.

I was wondering about IPtables. I read a lot of articles and posts about it, and thought i understood it at least a bit.

I spent hours trying every combinations of rules... And yet, i'm starting to think that only the established rules allow me to go on internet. when i delete those rules, nothing is allowed...

What did i do wrong ?

Thanks in advance !

  #!/bin/bash

  #iptables-restore < /etc/iptables.test.rules



  iptables -F

  iptables -X

  iptables -t nat -F

  iptables -t nat -X

  iptables -t mangle -F

  iptables -t mangle -X

  iptables -P INPUT DROP

  iptables -P FORWARD DROP

  iptables -P OUTPUT DROP 



  ## On drop les scans XMAS et NULL.

  iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

  iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP



  # Dropper silencieusement tous les paquets broadcastés.

  iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP



  # Droping all invalid packets

  iptables -A INPUT -m state --state INVALID -j DROP

  iptables -A FORWARD -m state --state INVALID -j DROP

  iptables -A OUTPUT -m state --state INVALID -j DROP



  # Autorise les connexions déjà établies et localhost              

  iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT      

  iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT     

  iptables -A INPUT -i lo -j ACCEPT                             

  #iptables -A OUTPUT -o lo -j ACCEPT



  # Autorise uniquement les processus de l'utilisateur tor à établir des 

  connexions

  #iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPT



  #TOR

  #iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT

  iptables -A OUTPUT -p tcp -m tcp --dport 9050 -j ACCEPT



  # ICMP (Ping)                                     

  iptables -A INPUT -p icmp -j DROP                     

  iptables -A OUTPUT -p icmp -j DROP



  # SSH                                         

  iptables -A INPUT -p tcp --dport 666 -j DROP              

  iptables -A OUTPUT -p tcp --dport 666 -j DROP



  # DNS                                         

  iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT                    

  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p tcp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p udp --dport 53 -j ACCEPT 



  # HTTP                                            

  iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT                

  #iptables -A INPUT -p tcp --dport 80 -j ACCEPT    



  #HTTPS

  iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT                   

  #iptables -A INPUT -p tcp --dport 443 -j ACCEPT   



  # FTP 

  #iptables -A OUTPUT -p tcp --dport 20:21 -j DROP

  #iptables -A INPUT -p tcp --dport 20:21 -j DROP



  # Mail SMTP 

  #iptables -A INPUT -p tcp --dport 25 -j DROP

  iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT  

  #iptables -A INPUT -p tcp --dport 587 -j DROP

  #iptables -A OUTPUT -p tcp --dport 587 -j DROP



#Transmission

iptables -A INPUT -m state --state ESTABLISHED -p udp --dport 51413 -j  

ACCEPT

iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT



  # Mail POP3

  #iptables -A INPUT -p tcp --dport 110 -j DROP

  #iptables -A OUTPUT -p tcp --dport 110 -j DROP 



  # Mail IMAP

  #iptables -A INPUT -p tcp --dport 143 -j DROP 

  #iptables -A OUTPUT -p tcp --dport 143 -j DROP 



  # NTP (horloge du serveur) 

  iptables -A OUTPUT -p udp --dport 123 -j ACCEPT   



  # On log les paquets en entrée.

  iptables -A INPUT -j LOG



# On log les paquets en sortie.

iptables -A OUTPUT -j LOG



  # On log les paquets forward.

  iptables -A FORWARD -j LOG                



  exit 0

asked 3 mins ago

redraven

New contributor

First, i'm sorry for my english, not my first language.

I was wondering about IPtables. I read a lot of articles and posts about it, and thought i understood it at least a bit.

I spent hours trying every combinations of rules... And yet, i'm starting to think that only the established rules allow me to go on internet. when i delete those rules, nothing is allowed...

What did i do wrong ?

Thanks in advance !

  #!/bin/bash

  #iptables-restore < /etc/iptables.test.rules



  iptables -F

  iptables -X

  iptables -t nat -F

  iptables -t nat -X

  iptables -t mangle -F

  iptables -t mangle -X

  iptables -P INPUT DROP

  iptables -P FORWARD DROP

  iptables -P OUTPUT DROP 



  ## On drop les scans XMAS et NULL.

  iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

  iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP



  # Dropper silencieusement tous les paquets broadcastés.

  iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP



  # Droping all invalid packets

  iptables -A INPUT -m state --state INVALID -j DROP

  iptables -A FORWARD -m state --state INVALID -j DROP

  iptables -A OUTPUT -m state --state INVALID -j DROP



  # Autorise les connexions déjà établies et localhost              

  iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT      

  iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT     

  iptables -A INPUT -i lo -j ACCEPT                             

  #iptables -A OUTPUT -o lo -j ACCEPT



  # Autorise uniquement les processus de l'utilisateur tor à établir des 

  connexions

  #iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPT



  #TOR

  #iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT

  iptables -A OUTPUT -p tcp -m tcp --dport 9050 -j ACCEPT



  # ICMP (Ping)                                     

  iptables -A INPUT -p icmp -j DROP                     

  iptables -A OUTPUT -p icmp -j DROP



  # SSH                                         

  iptables -A INPUT -p tcp --dport 666 -j DROP              

  iptables -A OUTPUT -p tcp --dport 666 -j DROP



  # DNS                                         

  iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT                    

  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p tcp --dport 53 -j ACCEPT                    

  #iptables -A INPUT -p udp --dport 53 -j ACCEPT 



  # HTTP                                            

  iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT                

  #iptables -A INPUT -p tcp --dport 80 -j ACCEPT    



  #HTTPS

  iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT                   

  #iptables -A INPUT -p tcp --dport 443 -j ACCEPT   



  # FTP 

  #iptables -A OUTPUT -p tcp --dport 20:21 -j DROP

  #iptables -A INPUT -p tcp --dport 20:21 -j DROP



  # Mail SMTP 

  #iptables -A INPUT -p tcp --dport 25 -j DROP

  iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT  

  #iptables -A INPUT -p tcp --dport 587 -j DROP

  #iptables -A OUTPUT -p tcp --dport 587 -j DROP



#Transmission

iptables -A INPUT -m state --state ESTABLISHED -p udp --dport 51413 -j  

ACCEPT

iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT



  # Mail POP3

  #iptables -A INPUT -p tcp --dport 110 -j DROP

  #iptables -A OUTPUT -p tcp --dport 110 -j DROP 



  # Mail IMAP

  #iptables -A INPUT -p tcp --dport 143 -j DROP 

  #iptables -A OUTPUT -p tcp --dport 143 -j DROP 



  # NTP (horloge du serveur) 

  iptables -A OUTPUT -p udp --dport 123 -j ACCEPT   



  # On log les paquets en entrée.

  iptables -A INPUT -j LOG



# On log les paquets en sortie.

iptables -A OUTPUT -j LOG



  # On log les paquets forward.

  iptables -A FORWARD -j LOG                



  exit 0

security iptables firewall

asked 3 mins ago

redraven

New contributor

asked 3 mins ago

redraven

New contributor

asked 3 mins ago

redraven

New contributor

asked 3 mins ago

redraven

asked 3 mins ago

redraven

New contributor

redraven is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

0

active

oldest

votes

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

redraven is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1137597%2fiptables-configuration%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

redraven is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

redraven is a new contributor. Be nice, and check out our Code of Conduct.

Thanks for contributing an answer to Ask Ubuntu!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Jtdcftul