  1. #1

    [iptables] allow only connections initiated by the server

    Hi,

    I'm trying to set up iptables so it only allows connections initiated by myself. For example, if I want to download something with wget. Below are my iptables rules. But somehow it's not working. When I change INPUT to ACCEPT it works fine. But I want to prevent people from accessing my server from outside.

    iptables --flush
    iptables --delete-chain

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

    iptables -A INPUT -i lo -j ACCEPT

    iptables -A OUTPUT -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  2. #2
    Quote Originally Posted by anonty (quoted in full; see post #1 above)

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

    iptables -A INPUT -i lo -j ACCEPT

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p icmp -j ACCEPT


    This states that:

    1. All packets initiated from the machine itself to the outside will be let through (accepted).
    2. All packets initiated from the machine and destined to itself alone will also be accepted (lo interface).
    3. All incoming packets to the machine coming from outside will be dropped, except if they are part of an already established/related connection or are ICMP.
    4. All packets that are supposed to be forwarded by the machine (router/fw) will be dropped.


    So your wgets initiated from the machine to the outside should work fine.
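The ruleset in the reply above, written out as an added example that is not from either poster: a small POSIX shell script that emits the same "outbound-only" policy in iptables-restore format (so it can be loaded atomically, and a failed load leaves the old rules in place), and a check that a saved ruleset actually has the two properties the thread relies on, INPUT defaulting to DROP and reply traffic being accepted. It uses `-m conntrack --ctstate`, the current spelling of the thread's `-m state --state`, adds an explicit drop of INVALID packets, and takes an optional list of TCP ports as arguments for anything that must stay reachable from outside (an administrator connecting over SSH on 22 would otherwise be locked out once the DROP policy is in place). The port list and the `apply` mode are assumptions of this example, not something either post describes.

```shell
#!/bin/sh
# Added example, not code from the thread: builds and checks the
# "allow only what this host initiated" INPUT policy discussed above.

# Print an iptables-restore ruleset. Any arguments are TCP ports that
# should accept NEW connections from outside (e.g. "build_rules 22");
# with no arguments it matches the reply's intent: nothing initiated
# from outside is accepted.
build_rules() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # Loopback: the host talking to itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Packets conntrack cannot associate with any flow are dropped outright.
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies to flows this host started (wget's SYN/ACKs, DNS answers, ...).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # ICMP, as in the reply's ruleset.
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    # Optional explicit inbound allows (assumed extension of the thread's rules).
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Read a ruleset in iptables-save/iptables-restore format from stdin and
# return 0 only if INPUT defaults to DROP (1 otherwise) and a rule accepts
# ESTABLISHED,RELATED traffic (2 otherwise). Accepts both the old
# "--state" and the current "--ctstate" spelling.
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -Eq '^-A INPUT .*--(ct)?state ESTABLISHED,RELATED -j ACCEPT' || return 2
    return 0
}

# Load the ruleset atomically; needs root, so it is only run on request.
apply_rules() {
    build_rules "$@" | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    shift
    apply_rules "$@"
else
    build_rules "$@"
fi
```

Run it without arguments to print the ruleset for review, or `sh rules.sh apply 22` to load it while keeping SSH reachable; `iptables-save | sh -c '. ./rules.sh; check_rules'` style checks can then confirm the live policy still has the DROP default and the conntrack rule after later edits.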
