Home / ubuntu / Questions / 932534
Accepted
Askerman
Asked: 2017-07-07 01:14:06 +0800 CST

How do I allow browser in IPtables?

  • 772

I configured my iptables like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     all  --  anywhere             anywhere //(this is loopback)

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

From my understanding, the browser should work fine, because the browser begins browsing through the OUTPUT, which is ACCEPTing everything, but it's not working. Where have I made a mistake?

And my second question is, when I added the loopback rule (iptables -A INPUT -i lo -j ACCEPT), it visually looks like a general rule that accepts traffic from anywhere and not just the loopback, which is pretty confusing, is there some way to tell it's a loopback rule if I don't know it is?

Thank you.

networking

1 Answers

  1. Best Answer

    Complete `iptables1 rules will be

    Delete curent rules and chains in iptables

    sudo iptables --flush
sudo iptables --delete-chain

    allow loopback

    sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

    allow established connections

    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    allow SSH or some different TCP port

    sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

    allow UDP on port 22

    sudo iptables -A INPUT -m state --state NEW -p udp --dport 22 -j ACCEPT

    default policies

    sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT

    Save

    sudo iptables-save

    This is it. I think :)

    • 1