#1 2018-01-20 07:33:01

Xuvrot
Member
Registered: 2018-01-20
Posts: 1

Rules in the iptables chain to close ports does not work

I set the rules with these commands:

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i inet -p tcp --dport 80 --match state --state NEW -j ACCEPT
iptables -A INPUT -i inet -p tcp --dport 443 --match state --state NEW -j ACCEPT

My chain has become this:
Chain INPUT (policy DROP 63 packets, 12467 bytes)
pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  inet   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
    0     0 ACCEPT     tcp  --  inet   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 43 packets, 3103 bytes)
pkts bytes target     prot opt in     out     source               destination

But with these settings, I do not have access to the Internet. I did everything on popular instructions on the Internet and this can not work, so I have something with Linux.
I want to block all ports except 80 and 443 to secure the computer. Could someone help me solve this problem?

Last edited by Xuvrot (2018-01-20 07:38:12)

#2 2018-01-20 07:57:37

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Rules in the iptables chain to close ports does not work

Xuvrot wrote:

I did everything on popular instructions on the Internet and this can not work

This is meaningless.


Please paste the output of `systemctl list-unit-files --state=enabled`. And use code tags when you paste here:
https://wiki.archlinux.org/index.php/Co … s_and_code



Moving to NC...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

#3 2018-01-20 09:08:54

seth
Member
Registered: 2012-09-03
Posts: 51,253

Re: Rules in the iptables chain to close ports does not work

But with these settings, I do not have access to the Internet.

Because you closed all inbound except for 80 & 443 - how do you think your browser or ping or nmap or whatever client you used to "have access to the Internet" receives data?
Cosmic rays?

The first "popular instruction" returned by Google, btw, addresses this:
https://superuser.com/questions/427458/ … h-iptables

#4 2018-01-20 09:21:35

Fixxer
Member
From: Poland
Registered: 2011-08-29
Posts: 217

Re: Rules in the iptables chain to close ports does not work

Consult this paragraph and the whole article:
https://wiki.archlinux.org/index.php/si … NPUT_chain

Make sure that the interface names match; you can get the names with the command:

ip a

Last edited by Fixxer (2018-01-20 09:21:47)
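
An offline check for the two problems the replies above point at (a DROP policy with no rule accepting reply traffic, and an interface name that may not exist on the host), as an added example that is not part of any post in this thread. The function name `audit_input_rules`, the sample rule text and the interface name `enp3s0` are assumptions made for illustration.

```shell
# Added example (not from the thread). Flags two problems in `iptables -S INPUT` text:
#   no-established-rule      policy DROP but nothing accepts ESTABLISHED reply traffic
#   unknown-interface:NAME   a rule matches "-i NAME" but no such interface exists
# Heuristic: any ACCEPT rule mentioning ESTABLISHED counts as the reply rule.
audit_input_rules() {
    # $@ = interface names present on the host; stdin = `iptables -S INPUT` output
    ifaces=" $* "; policy=""; has_reply_rule=no; findings=""
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT "*) policy=${rule#-P INPUT } ;;
            *ESTABLISHED*"-j ACCEPT"*) has_reply_rule=yes ;;
        esac
        case "$rule" in
            *" -i "*)
                # Take the word that follows "-i" and compare it with the real names.
                name=${rule#* -i }; name=${name%% *}
                case "$ifaces" in
                    *" $name "*) ;;
                    *) findings="${findings}unknown-interface:$name
" ;;
                esac ;;
        esac
    done
    if [ "$policy" = DROP ] && [ "$has_reply_rule" = no ]; then
        findings="${findings}no-established-rule
"
    fi
    printf '%s' "$findings" | sort -u
}

# Constructed sample: the rules from post #1 as `iptables -S INPUT` would print them.
THREAD_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i inet -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i inet -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT'

# Constructed sample: same policy plus a rule for reply traffic; enp3s0 is an assumed name.
FIXED_RULES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp3s0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i enp3s0 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT'

# Offline demo; lo and enp3s0 stand in for the names `ip a` would list.
printf '%s\n' "$THREAD_RULES" | audit_input_rules lo enp3s0
printf '%s\n' "$FIXED_RULES"  | audit_input_rules lo enp3s0
```

On a live host the same function can be fed with `iptables -S INPUT | audit_input_rules $(ls /sys/class/net)` as root.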
