iptables firewall

crimp

I've been trying to block all ports (UDP, TCP, ICMP) except 80/tcp and 53/tcp so I can use the internet. The problem is it won't let me use the internet if I block TCP and UDP ports. These are the commands I'm using:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I INPUT -p icmp -j DROP

Thanks
 
Try dropping ports before you accept ports: you're telling it to accept ports that you already allow, then instructing it to drop ports.

TBH I've always found iptables a bit of a bugger to use, but there are (assuming you have an X console running) some pretty nice graphical apps for configuring it that dumb it down to a few check boxes to drop all but HTTP...


But as I said, before you go that far, just try rearranging the order of the commands.
 
Thanks for the idea, I tried it but no luck. I tried changing it to this:
iptables -F
iptables -I OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p tcp --dport 3600 -j ACCEPT
#iptables -I INPUT -p udp -j DROP
#iptables -I INPUT -p tcp -j DROP
iptables -L

What GUI do you use to configure your firewall?
Thanks
 
I was thinking more of something like this...

iptables -I INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT

But actually that won't work either!!

The syntax for what you are trying to do is all wrong. I assume that, basically, you want to be able to browse the web, but you want to protect your computer from outside attack, and you'd want to stop your computer making connections to other people...

anyway..
(from: http://oob.freeshell.org/nzwireless/firewall.html)

This is what your conf file should look like.
Code:
### IP table conf file (iptables-restore format) ###
*filter

# Set default policies (drop all connections)
:INPUT DROP [1:44]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [27040:2493902]

# allow replies to connections this host opened (without this, web pages and DNS answers never get back in)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow web traffic requests out
-A OUTPUT -p tcp --dport 80 -j ACCEPT
#allow DNS out
-A OUTPUT -p tcp --dport 53 -j ACCEPT

#do it!
COMMIT
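As an added example (not code from the thread or from the linked page), the script below shows why the `-I` commands in this thread end up in the wrong order, and emits a stateful ruleset that does what the original poster asked for; it assumes a Linux host with iptables and conntrack support, but nothing in it touches the live firewall.

```shell
#!/bin/sh
# Added example, not from the thread or the linked page. Assumes a Linux host
# with iptables; nothing here runs iptables itself, so it is safe to try anywhere.
#  1. final_order shows why the "-I" commands above misbehaved: -I inserts at
#     the TOP of the chain, so the command typed last is the rule matched first.
#  2. ruleset emits an iptables-restore file that does what the poster wanted:
#     browse the web (HTTP + DNS) and accept nothing else from outside.

# Read "iptables ..." commands on stdin and print the resulting INPUT chain,
# top to bottom. -I prepends, -A appends; other chains are ignored for brevity.
final_order() {
  awk '
    /-I INPUT[ ]/ { sub(/.*-I INPUT[ ]+/, ""); chain = $0 "\n" chain; next }
    /-A INPUT[ ]/ { sub(/.*-A INPUT[ ]+/, ""); chain = chain $0 "\n"; next }
    END { printf "%s", chain }'
}

# Stateful ruleset. Rules are tried in the order written, and replies to our own
# outbound connections are let back in (the piece every attempt above lacked).
ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# local resolver / desktop apps talk over loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# answers to connections this host opened: HTTP responses, DNS replies
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new outbound requests: web and DNS (DNS uses UDP far more often than TCP)
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
# sample what the INPUT policy is about to drop, for troubleshooting
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
COMMIT
EOF
}

# To apply as root: dry-run first, then load.
# ruleset | iptables-restore --test && ruleset | iptables-restore
```

Feeding the first post's five commands into `final_order` prints the three DROP rules above the two ACCEPT rules, which is exactly why nothing got through.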
 