
I play around with the rules for my web server, but it doesn't work as I want. The ports seem to be reachable, but a connection won't happen. Here's the script:

#!/bin/bash

# Drop all Incoming
iptables -A INPUT -j DROP

# Allow all Outgoing
iptables -A OUTPUT -d 0.0.0.0/0 -j ACCEPT

# Allow Incoming for special IPs to all Ports
iptables -A INPUT -s 1.2.3.4/32 -j ACCEPT
iptables -A INPUT -s 2.3.4.5/32 -j ACCEPT
iptables -A INPUT -s 3.4.5.6/32 -j ACCEPT

# Allow Incoming from Internet to Ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow localhost
iptables -A INPUT -i lo -j ACCEPT
  • Your first rule drops all incoming packets. Even those looping back to the host itself. There is no way anything is ever going to work when your firewall rules won't let even one single packet pass. – kasperd Dec 21 '14 at 00:27
  • Thanks for hinting me to the right position... working 3 days in a row makes you blind.^^ Changing the first rule to iptables --policy INPUT DROP solves it! – Daniel Dec 21 '14 at 00:33
  • @Daniel, please take the time to write this out as an answer, don't correct the mistake in the question. Please read the [help]. – Sven Dec 21 '14 at 11:37

1 Answer


Solution was simple, just replace the first rule

iptables -A INPUT -j DROP

with

iptables --policy INPUT DROP

This doesn't block everything; instead it sets the default policy for the INPUT chain to DROP, so only packets that match none of the ACCEPT rules are dropped.
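To make the difference concrete, here is an added model (not the asker's script or part of the original thread) of how netfilter walks a chain: the first matching rule decides, and the chain policy is consulted only when no rule matched. It replays a few constructed sample packets against both the question's ordering and the answer's fix; the packet fields and the 203.0.113.9 source address are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, List, Dict

@dataclass
class Packet:
    dport: int = 0                 # constructed sample packets, see SAMPLES
    src: str = "203.0.113.9"       # arbitrary Internet host (documentation range)
    proto: str = "tcp"
    iface: str = "eth0"
    state: str = "NEW"

@dataclass
class Rule:
    target: str
    src: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None
    states: Optional[Tuple[str, ...]] = None

    def matches(self, p: Packet) -> bool:
        # A rule matches when every criterion it specifies agrees with the packet.
        return ((self.src is None or p.src == self.src)
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (self.iface is None or p.iface == self.iface)
                and (self.states is None or p.state in self.states))

def verdict(chain: List[Rule], policy: str, p: Packet) -> str:
    """First matching rule decides; the chain policy applies only if nothing matched."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

# The ACCEPT rules from the question, in the order the script appends them.
ALLOW = [Rule("ACCEPT", src="1.2.3.4"), Rule("ACCEPT", proto="tcp", dport=22),
         Rule("ACCEPT", proto="tcp", dport=443),
         Rule("ACCEPT", states=("ESTABLISHED", "RELATED")), Rule("ACCEPT", iface="lo")]

# Question's script: an unconditional DROP appended first, policy left at ACCEPT.
ORIGINAL = ([Rule("DROP")] + ALLOW, "ACCEPT")
# Answer's fix: no DROP rule at all, default policy DROP.
FIXED = (ALLOW, "DROP")

SAMPLES = {"ssh": Packet(dport=22), "https": Packet(dport=443),
           "loopback": Packet(src="127.0.0.1", iface="lo"), "smtp": Packet(dport=25)}

def evaluate(ruleset: Tuple[List[Rule], str]) -> Dict[str, str]:
    chain, policy = ruleset
    return {name: verdict(chain, policy, pkt) for name, pkt in SAMPLES.items()}
```

`evaluate(ORIGINAL)` returns DROP for every sample, including loopback, while `evaluate(FIXED)` accepts ssh, https and loopback and drops only the unlisted port.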
