need clarification on writing ACLS using iptables - Setup



Thread: need clarification on writing ACLS using iptables

  1. need clarification on writing ACLS using iptables

    Greetings,

    I am configuring iptables to block all traffic other than DNS and HTTP traffic.
    But after writing the following rules, I am not able to browse the Internet.
    That means the firewall is blocking HTTP traffic. With the same rules,
    I am able to do name resolution.
    The rules are as follows.

    [root@gdrd5 ~]# iptables -L -n
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            172.16.16.25        state ESTABLISHED udp spt:53
    ACCEPT     tcp  --  0.0.0.0/0            172.16.16.25        state ESTABLISHED tcp spts:80:443

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     udp  --  172.16.16.25         0.0.0.0/0           udp dpt:53
    ACCEPT     tcp  --  172.16.16.25         0.0.0.0/0           tcp dpts:80:443

    With the above rules, it is allowing DNS traffic but not allowing HTTP traffic.
    Please kindly clarify where I went wrong. I need to allow both DNS and HTTP traffic.

    With thanks in advance.

  2. Re: need clarification on writing ACLS using iptables

    On Sat, 17 Nov 2007 02:51:29 -0800, bzaman wrote:

    > Greetings,
    >
    > I am configuring iptables to block all traffic other than DNS and
    > HTTP traffic.
    > But after writing the following rules, I am not able to browse
    > the Internet.


    Try this:

    # <iface>: your Internet-facing interface, e.g. eth0 (placeholder)
    iptables -A INPUT -i <iface> -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i <iface> -j DROP
    iptables -A OUTPUT -o <iface> -m state --state ESTABLISHED,RELATED -j ACCEPT
    # --dport needs a protocol match; DNS queries are UDP
    iptables -A OUTPUT -o <iface> -p udp --dport 53 -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -o <iface> -p tcp --dport 80 -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -o <iface> -p tcp --dport 443 -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -o <iface> -j DROP


    --

    Regards
    Robert

    Smile... it increases your face value!


