
Thread: iptables firewall to block all traffic except http

  1. #1
    Join Date
    Sep 2006
    Beans
    90

    iptables firewall to block all traffic except http

    Code:
    # default policy: drop any inbound packet that no rule accepts
    iptables -P INPUT DROP
    # accept inbound TCP whose *destination* port is 80 (i.e. connections to a local web server)
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT


    I would like to block everything except HTTP traffic, but it is not working???

  2. #2
    Join Date
    Sep 2005
    Location
    Vancouver, Canada
    Beans
    149
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: iptables firewall to block all traffic except http

    Can you please describe what exactly the machine is doing? Is it a server or a client?

  3. #3
    Join Date
    Sep 2006
    Beans
    90

    Re: iptables firewall to block all traffic except http

    It's a client, my desktop.

  4. #4
    Join Date
    Sep 2005
    Location
    Vancouver, Canada
    Beans
    149
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: iptables firewall to block all traffic except http

    OK. The reason it is not working is that you have all incoming UDP traffic blocked. UDP is used for DNS resolution (port 53). Also, since you are a client, the inbound HTTP traffic will have source port 80 (rather than destination). Any outbound traffic is not affected. Try this:

    Code:
    # start from an empty ruleset in the filter table
    sudo iptables -F
    # let this desktop send anything, and (not needed on a desktop) forward anything
    sudo iptables -P OUTPUT ACCEPT
    sudo iptables -P FORWARD ACCEPT
    
    # drop inbound by default, then accept by the remote *source* port only
    sudo iptables -P INPUT DROP
    # DNS answers come back from the resolver's udp/53
    sudo iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
    # HTTP responses come back from the web server's tcp/80
    sudo iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
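
    The source-port rules in post #4 do make browsing work, but they accept any packet whose sender chose port 80 or 53 as its source port, which any remote host can do. The usual way to express "only replies to connections this desktop opened" is connection tracking. The script below is an added example, not code from the thread; it emits the ruleset in iptables-restore format so it can be loaded in one atomic step (with `--apply`, as root) rather than rule by rule after a flush, and it sets FORWARD to DROP because a desktop does not route. Loopback is accepted because local resolvers and desktop services talk to themselves over `lo`; the LOG rule is rate-limited so a scan cannot flood syslog. Nothing here touches the kernel unless `--apply` is given.

    ```shell
    #!/bin/sh
    # Added example: stateful "client, HTTP only" INPUT policy for a desktop.
    # Inbound packets are accepted only when conntrack has seen this host
    # open the connection, instead of trusting the remote source port.

    # Print the ruleset in iptables-restore format (a '#' line is a comment there too).
    client_http_only_rules() {
        cat <<'EOF'
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    # local processes talk to each other over loopback (X, local resolver, ...)
    -A INPUT -i lo -j ACCEPT
    # replies to connections this desktop opened: DNS answers, HTTP data, ...
    -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # packets conntrack cannot associate with any flow are dropped quietly
    -A INPUT -m conntrack --ctstate INVALID -j DROP
    # everything else falls through to the INPUT DROP policy; log a sample first
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
    COMMIT
    EOF
    }

    # Count ACCEPT rules keyed on a remote source port; the stateful set has none.
    count_sport_accepts() {
        client_http_only_rules | grep -c -- '--sport .* -j ACCEPT' || true
    }

    # Apply only when explicitly asked (needs root): iptables-restore reads the
    # whole file and replaces the filter table in one step.
    if [ "${1:-}" = "--apply" ]; then
        client_http_only_rules | iptables-restore
    else
        client_http_only_rules
    fi
    ```

    After applying, `sudo iptables -L INPUT -v -n` should show the ESTABLISHED,RELATED counter climbing while you browse and the LOG rule catching unsolicited probes; a `sudo iptables -t filter -S` dump is a convenient way to save the live rules back into the same format.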
