Blocking specific outbound traffic

mistersnorfles · 08-07-2007, 06:37 PM

I know this seems like a simple question, but I have searched all over the place and can't seem to find an answer.

Question: How do I block outbound traffic, from the local computer (i.e. this firewall is NOT forwarding traffic for any other computers)? I only want to use bittorrent, browse the internet, and connect to other computers (but not let them initiate connections with me) via SSH. Other than that, there should be no incoming or outbound traffic. What would a simple iptables script for this look like?

It's wierd that I couldn't find the answer to this, but it seems like all of the documentation and forum posts I've found seem to only discuss the INPUT chain and FORWARD chains, or is discussing a computer used as a firewall for multiple computers, that is forwarding traffic. All I want to do though is protect the computer the firewall is installed on.

Any help would be appreciated....

Mr. Snorfles

mistersnorfles · 08-07-2007, 07:58 PM

I did some more research and found exactly what I needed:

http://www.sun.com/blueprints/1103/817-4403.pdf

I didn't know that I was looking for "Host-based" firewalls. But now that I know the search term - all is well...

Hope this is helpful!

--Mr. Snorfles

kcorupe · 08-07-2007, 07:58 PM

I think you should look into iptables stateful option,

take a look at this,

http://www.intel.com/cd/ids/develope.../eng/20555.htm

mistersnorfles · 08-08-2007, 02:11 AM

Interesting link...

Thanks!

--Mr. Snorfles

win32sux · 08-08-2007, 01:23 PM

Quote:

Originally Posted by mistersnorfles

How do I block outbound traffic, from the local computer (i.e. this firewall is NOT forwarding traffic for any other computers)? I only want to use bittorrent, browse the internet, and connect to other computers (but not let them initiate connections with me) via SSH. Other than that, there should be no incoming or outbound traffic. What would a simple iptables script for this look like?

It would look like this:

Code:

iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# BitTorrent (Tracker):
iptables -A OUTPUT -p TCP --dport 6969 \
-m state --state NEW -j ACCEPT

# BitTorrent (P2P Connections):
iptables -A OUTPUT -p TCP --dport 6881:6999 \
-m state --state NEW -j ACCEPT

# HTTP:
iptables -A OUTPUT -p TCP --dport 80 \
-m state --state NEW -j ACCEPT

# HTTPS:
iptables -A OUTPUT -p TCP --dport 443 \
-m state --state NEW -j ACCEPT

# DNS:
iptables -A OUTPUT -p UDP --dport 53 \
-m state --state NEW -j ACCEPT

# DNS (TCP fallback):
iptables -A OUTPUT -p TCP --dport 53 \
-m state --state NEW -j ACCEPT

# SSH:
iptables -A OUTPUT -p TCP --dport 22 \
-m state --state NEW -j ACCEPT

The same thing, but more condensed:

Code:

iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p TCP \
-m multiport --dports 6969,6881:6999,80,443,53,22 \
-m state --state NEW -j ACCEPT

iptables -A OUTPUT -p UDP --dport 53 \
-m state --state NEW -j ACCEPT

mistersnorfles · 08-08-2007, 02:14 PM

Exactly what I had just made

thanks anyway though, win32