I set the rules with these commands:
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i inet -p tcp --dport 80 --match state --state NEW -j ACCEPT
iptables -A INPUT -i inet -p tcp --dport 443 --match state --state NEW -j ACCEPT
My chain has become this:
Chain INPUT (policy DROP 63 packets, 12467 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- inet * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
0 0 ACCEPT tcp -- inet * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 43 packets, 3103 bytes)
pkts bytes target prot opt in out source destination
But with these settings, I do not have access to the Internet. I did everything on popular instructions on the Internet and this can not work, so I have something with Linux.
I want to block all ports except 80 and 443 to secure the computer. Can someone help me solve this problem?
Last edited by Xuvrot (2018-01-20 07:38:12)
I did everything on popular instructions on the Internet and this can not work
This is meaningless.
Please paste the output of `systemctl list-unit-files --state=enabled`. And use code tags when you paste here:
https://wiki.archlinux.org/index.php/Co … s_and_code
Moving to NC...
But with these settings, I do not have access to the Internet.
Because you closed all inbound except for 80 & 443 - how do you think your browser or ping or nmap or whatever client you used to "have access to the Internet" receives data?
Cosmic rays?
The first "popular instruction" returned by Google, btw, addresses this:
https://superuser.com/questions/427458/ … h-iptables
Consult this paragraph and the whole article:
https://wiki.archlinux.org/index.php/si … NPUT_chain
Make sure that the interface names match; you can get the names with this command:
ip a
Last edited by Fixxer (2018-01-20 09:21:47)
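The two points raised in the replies, as an added example that is not from any poster in the thread: with a DROP policy on INPUT, replies to your own outbound connections only get in if a conntrack rule accepts ESTABLISHED,RELATED traffic, and `-i` rules only match when the interface name really exists. The interface name `eth0`, the `client`/`server` modes and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: stateful INPUT policy, emitted in iptables-restore format.
# The interface name is an assumption; list the real ones with `ip a`.

# Succeeds only if the kernel has an interface with this name.
iface_exists() {
    [ -e "/sys/class/net/$1" ]
}

# Print a ruleset for interface $1.
# Mode "client" (default) opens no inbound port: browsing only needs replies.
# Mode "server" also accepts NEW connections to 80/443, which is only
# useful when this machine itself runs a web server.
gen_rules() {
    iface=$1 mode=${2:-client}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$mode" = server ]; then
        for port in 80 443; do
            echo "-A INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    fi
    echo COMMIT
}

# Dry run by default (prints the rules); APPLY=1 as root loads them.
main() {
    iface=${1:-eth0}
    if ! iface_exists "$iface"; then
        echo "warning: no interface '$iface'; rules with -i $iface never match" >&2
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        gen_rules "$iface" "${2:-client}" | iptables-restore
    else
        gen_rules "$iface" "${2:-client}"
    fi
}

main "$@"
```

Compared with the rules in the first post, the only functional addition for a desktop is the ESTABLISHED,RELATED line; FORWARD and OUTPUT keep the policies shown in the posted chain listing.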