I am very new to this. I am trying to set up iptables for my laptop on a home network. I've basically done as much as I can without help. Once I execute all the rules I lose all internet. I'm not asking for anyone to write it for me, I just need to be pointed in the right direction. I've read a few of the iptables tutorial threads as well as the sticky.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Code:
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW --dport 67 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW --dport 67 -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW --dport 68 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW --dport 68 -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www state NEW
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootpc
I run netstat -atpvn (I cannot load a page in the browser):
Code:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 980/cupsd
tcp 0 1 192.168.1.3:46xx6 xx.xxx.216.119:80 SYN_SENT 3066/firefox
tcp 0 1 192.168.1.3:33xxx xx.xxx.94.12:80 SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:xxxxx xxx.xxx.167.5:443 TIME_WAIT -
tcp 0 1 192.168.1.3:4xx63 xxx.x.55.72:80 SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:35xx8 xx.xxx.159.139:443 ESTABLISHED 3083/chrome
tcp 0 0 192.168.1.3:3xx02 xx.xxx.159.139:443 TIME_WAIT -
tcp 0 1 192.168.1.3:4xx76 xxx.xx.52.190:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:3xx13 xx.xxx.65.125:5222 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:3xx75 xx.xx9.x4.12:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:3xx73 xx.xxx.x4.12:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:5xx73 xxx.xxx.52.196:80 SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:36xx6 xx.xxx.47.103:4xx TIME_WAIT -
tcp 0 1 192.168.1.3:38xx1 xx.xxx.xx9.239:80 SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:60xx1 xx.xx.181.105:44x TIME_WAIT -
tcp 0 1 192.168.1.3:38xx9 xx.xxx.23x.239:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:575xx 1xx.x.xx.1xx:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:57xxx xxx.xxx.x2.1xx:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:389xx xx.xxx.x5.xx5:522xx SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:548xx xxx.1xx.x4.81:44xx ESTABLISHED 3083/chrome
tcp 0 1 192.168.1.3:407xx xxx.x.x8.xx0:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:508xx xx.xx5.x5.1xx:8x SYN_SENT 3083/chrome
tcp 1 0 192.168.1.3:398xx 7x.1xx.4x.xx5:xx3 CLOSE_WAIT 2261/gvfsd-http
tcp 0 1 192.168.1.3:575xx 1xx.7.x9.xx0:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:415xx 1xx.7.5x.7x:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:331xx x1.xx9.x4.x2:80 SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:465xx xx.1xx.2xx.xx9:80 SYN_SENT 3066/firefox
tcp 0 1 192.168.1.3:415xx xxx.xx.x5.7x:80 SYN_SENT 3083/chrome
tcp 0 0 192.168.1.3:602xx xx.1x.xx7.5:x3 TIME_WAIT -
tcp 0 0 192.168.1.3:548xx xxx.1x4.9x.8x:44x TIME_WAIT -
tcp 0 1 192.168.1.3:xxxxx xx.xx.xx.7x:8x SYN_SENT 3083/chrome
tcp 0 1 192.168.1.3:xxxxx x1x.x.7x.xx0:80 SYN_SENT 3083/chrome
tcp6 0 0 ::1:631 :::* LISTEN 980/cupsd
When I clear all the rules I don't have internet... I get this error:
This webpage is not available
The server at ubuntuforums.org can't be found, because the DNS lookup failed. DNS is the network service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network. Once I restart I get internet back.
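The following is an added example and is not part of the original post or of any reply in the thread. It is a loadable version of the ruleset above with the gaps that the posted output points to closed. The OUTPUT chain has no rule for NEW tcp/80 (the --dport 80 rule went into INPUT instead), so every outgoing HTTP SYN hits the OUTPUT DROP policy, which is what the SYN_SENT rows in the netstat listing show; there is no loopback rule, so anything talking to 127.0.0.1 (a local resolver, cupsd on port 631) is dropped as well; and if the rules were cleared with iptables -F, the three DROP policies set with -P stay in place, which fits the network only coming back after a reboot. The script emits the rules in iptables-restore format so they load atomically, audits them for those gaps before loading, and provides a flush that actually resets the policies. Assumptions that are mine, not the post's: the LAN is 192.168.1.0/24 (from the 192.168.1.3 address in the netstat listing), SSH should only be reachable from that LAN, and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a loadable version of the laptop
# ruleset with the gaps closed, a real "clear", and a pre-load audit.
# Assumptions: LAN is 192.168.1.0/24 (from the 192.168.1.3 address in the
# netstat output) and SSH should only be reachable from that LAN.
set -eu

# Emit the ruleset in iptables-restore(8) format. Loading it with
# iptables-restore is atomic: either the whole table is replaced or nothing
# changes, whereas a sequence of -A commands leaves the host half-configured
# (and possibly locked out) if one of them fails.
laptop_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback first. The posted rules had no lo rule, so a local resolver on
# 127.0.0.1 and the cupsd listener on 127.0.0.1:631 were hit by the DROP policies.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened, plus related traffic (ICMP errors).
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Packets conntrack cannot classify (stray ACKs, bad TCP flag combinations).
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Outbound services the laptop itself uses. The post put tcp/80 in INPUT, so
# every outgoing HTTP SYN hit OUTPUT's DROP policy: that is the SYN_SENT rows.
-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# DHCP client: the request leaves from sport 68 to dport 67 and the offer comes
# back to dport 68. The exchange is broadcast, which conntrack does not pair up
# as a reply, so match the ports explicitly instead of relying on ESTABLISHED.
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
# Outbound ping for troubleshooting; echo replies come back as ESTABLISHED.
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# Inbound SSH only from the home LAN (assumed subnet) and rate-limited against
# password guessing. The post accepted SSH from anywhere.
-A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -m conntrack --ctstate NEW -m limit --limit 6/min --limit-burst 6 -j ACCEPT
COMMIT
EOF
}

# A real "clear". iptables -F only removes the rules; the DROP policies set
# with -P stay, so nothing passes until the policies are reset or the box reboots.
flush_ruleset() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Static audit of a ruleset before it is loaded: with OUTPUT at policy DROP,
# a missing loopback, HTTP or DNS rule means a dead laptop, not a safer one.
# Returns 0 if every required rule is present, 1 otherwise.
audit_ruleset() {
  local rules="$1" rc=0 want
  for want in \
    '^-A INPUT -i lo -j ACCEPT' \
    '^-A OUTPUT -o lo -j ACCEPT' \
    '^-A OUTPUT -p tcp --dport 80 ' \
    '^-A OUTPUT -p tcp --dport 443 ' \
    '^-A OUTPUT -p udp --dport 53 '
  do
    printf '%s\n' "$rules" | grep -q -e "$want" || {
      echo "audit: missing rule matching $want" >&2
      rc=1
    }
  done
  return "$rc"
}

# Dry run by default (prints the ruleset). With APPLY=1 as root, parse-check
# the ruleset with iptables-restore --test and then load it atomically.
apply_ruleset() {
  local rules
  rules="$(laptop_ruleset)"
  audit_ruleset "$rules"
  if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | iptables-restore --test
    printf '%s\n' "$rules" | iptables-restore
  else
    printf '%s\n' "$rules"
  fi
}

apply_ruleset
```

Run it once without APPLY to review the generated rules, then as root with APPLY=1 to load them; to undo, pipe the output of flush_ruleset into iptables-restore rather than running iptables -F, so the policies go back to ACCEPT as well. The audit is deliberately simple string matching on the restore-format text, which is enough to catch the two mistakes in the post before they lock the machine off the network.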