LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 08-07-2007, 06:37 PM   #1
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Rep: Reputation: 15
Blocking specific outbound traffic - iptables


I know this seems like a simple question, but I have searched all over the place and can't seem to find an answer.

Question: How do I block outbound traffic, from the local computer (i.e. this firewall is NOT forwarding traffic for any other computers)? I only want to use bittorrent, browse the internet, and connect to other computers (but not let them initiate connections with me) via SSH. Other than that, there should be no incoming or outbound traffic. What would a simple iptables script for this look like?

It's weird that I couldn't find the answer to this, but it seems like all of the documentation and forum posts I've found seem to only discuss the INPUT chain and FORWARD chains, or are discussing a computer used as a firewall for multiple computers, that is forwarding traffic. All I want to do though is protect the computer the firewall is installed on.

Any help would be appreciated....

Mr. Snorfles
 
Old 08-07-2007, 07:58 PM   #2
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Original Poster
Rep: Reputation: 15
SOLVED: Host-Based Firewalls

I did some more research and found exactly what I needed:

http://www.sun.com/blueprints/1103/817-4403.pdf

I didn't know that I was looking for "Host-based" firewalls. But now that I know the search term - all is well...

Hope this is helpful!

--Mr. Snorfles
 
Old 08-07-2007, 07:58 PM   #3
kcorupe
Member
 
Registered: Nov 2004
Location: Arizona
Distribution: Arch
Posts: 107

Rep: Reputation: 15
I think you should look into iptables' stateful option.

Take a look at this:

http://www.intel.com/cd/ids/develope.../eng/20555.htm
 
Old 08-08-2007, 02:11 AM   #4
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Original Poster
Rep: Reputation: 15
Interesting link

Interesting link...

Thanks!

--Mr. Snorfles
 
Old 08-08-2007, 01:23 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by mistersnorfles
How do I block outbound traffic, from the local computer (i.e. this firewall is NOT forwarding traffic for any other computers)? I only want to use bittorrent, browse the internet, and connect to other computers (but not let them initiate connections with me) via SSH. Other than that, there should be no incoming or outbound traffic. What would a simple iptables script for this look like?
It would look like this:
Code:
# Default policy: drop anything no rule below explicitly accepts
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Loopback traffic, and replies to connections this host opened itself
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# BitTorrent (Tracker):
iptables -A OUTPUT -p TCP --dport 6969 \
-m state --state NEW -j ACCEPT

# BitTorrent (P2P Connections):
iptables -A OUTPUT -p TCP --dport 6881:6999 \
-m state --state NEW -j ACCEPT

# HTTP:
iptables -A OUTPUT -p TCP --dport 80 \
-m state --state NEW -j ACCEPT

# HTTPS:
iptables -A OUTPUT -p TCP --dport 443 \
-m state --state NEW -j ACCEPT

# DNS:
iptables -A OUTPUT -p UDP --dport 53 \
-m state --state NEW -j ACCEPT

# DNS (TCP fallback):
iptables -A OUTPUT -p TCP --dport 53 \
-m state --state NEW -j ACCEPT

# SSH:
iptables -A OUTPUT -p TCP --dport 22 \
-m state --state NEW -j ACCEPT
The same thing, but more condensed:
Code:
iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p TCP \
-m multiport --dports 6969,6881:6999,80,443,53,22 \
-m state --state NEW -j ACCEPT

iptables -A OUTPUT -p UDP --dport 53 \
-m state --state NEW -j ACCEPT

Last edited by win32sux; 08-08-2007 at 01:26 PM.
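The same host-based policy as win32sux's condensed ruleset, written as an added example (not code from this thread or from any of its posters) in iptables-restore(8) format. Loading with iptables-restore replaces the whole table atomically, so there is no moment where the policies are already DROP but the ACCEPT rules are not yet in place, and no leftover rules from an earlier run; the script as posted above would need an `iptables -F` first to get the same effect. The example also sets FORWARD to DROP (the posted rules leave it at the kernel's ACCEPT default, which only matters if ip_forward is ever turned on) and appends rate-limited LOG rules so that dropped packets show up in the kernel log. The file path in RULES_FILE, the log prefixes and the helper function names are assumptions; the port list is the thread's.

```shell
#!/bin/sh
# Added example, not from the thread: win32sux's condensed host-based policy
# as an iptables-restore ruleset, plus FORWARD DROP and rate-limited logging.
# Assumed: iptables-restore(8) with --test (iptables >= 1.6); RULES_FILE and
# the "FW-*-DROP: " log prefixes are placeholders chosen for this example.

RULES_FILE="${RULES_FILE:-/tmp/host-firewall.rules}"

# Write the ruleset to the path given as $1 (lines starting with # are
# ignored by iptables-restore).
write_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, and replies to connections this host initiated
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# new outbound connections only: tracker, peers, HTTP(S), DNS, SSH
-A OUTPUT -p tcp -m multiport --dports 6969,6881:6999,80,443,53,22 -m state --state NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
# record (at most 5/minute) what the DROP policies are about to discard
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "FW-IN-DROP: " --log-level 4
-A OUTPUT -m limit --limit 5/minute -j LOG --log-prefix "FW-OUT-DROP: " --log-level 4
COMMIT
EOF
}

# Print the default policy of chain $2 in ruleset $1 (e.g. "DROP").
chain_policy() {
    sed -n "s/^:$2 \([A-Z]*\) .*/\1/p" "$1"
}

# Print the TCP destination ports to which NEW connections may be opened.
allowed_tcp_dports() {
    sed -n 's/.*-p tcp -m multiport --dports \([0-9:,]*\) .*/\1/p' "$1"
}

# Count the rules that ACCEPT a NEW outbound connection.
count_new_accepts() {
    grep -c -- '--state NEW -j ACCEPT' "$1"
}

# Syntax-check the ruleset, then load it atomically (both steps need root).
load_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test "$1" && iptables-restore "$1"
    else
        echo "iptables-restore not found; ruleset only written to $1" >&2
        return 1
    fi
}

write_ruleset "$RULES_FILE"
# To apply as root:  load_ruleset "$RULES_FILE"
# To verify afterwards, watch the per-rule counters:  iptables -L -v -n
```

Two things to keep in mind with this policy, which apply equally to the rules posted above: it only covers IPv4, so an equivalent ip6tables ruleset (or an ip6tables DROP policy) is needed if the host has IPv6 connectivity; and because INPUT drops every unsolicited connection, other BitTorrent peers cannot connect in, so only peer sessions this host opens will carry traffic.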
 
Old 08-08-2007, 02:14 PM   #6
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Original Poster
Rep: Reputation: 15
Exactly what I had just made

thanks anyway though, win32
 
Tags
firewall, iptables, output, security