Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-11-2013, 01:56 AM   #1
LQ Newbie
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
iptables firewall rule


I'm trying to set iptables firewall rules. But i'm having a problem , after applying my rules, it blocks all the connections, i'm not sure why.

I have 3 pcs

, PC2

, PC3

PC2 is connected to PC1 and PC2, and IP forwarding is turned on.

So when there is no firewall rule everything works but after applying it blocks everything , i can't ping ... i'm not sure what i'm missing

#PC1 to PC3 web server
iptables -A FORWARD -p tcp -s --dport 80 -d -j ACCEPT

#PC1 to PC3 ssh server 
iptables -A FORWARD -p tcp -s -d --dport 22 -j ACCEPT

#PC3 to  PC2 ssh server
iptables -A INPUT -p tcp -s -d --dport 22 -j ACCEPT

#PC1 to PC3 ICMP ping
iptables -A FORWARD -s -d -p icmp --icmp-type echo-request -j ACCEPT

# to PC1 ICMP ping
iptables -A FORWARD -p icmp --icmp-type echo-request -s -d -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -s -d -j ACCEPT

# drop everything else
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
thank you
Old 04-11-2013, 03:17 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971
you're not doing any connection tracking. Whilst you're allowing an echo-request, you're not allowing the implicit response back. Did you delete the state rules that were probably there by default?
Old 04-11-2013, 08:33 AM   #3
LQ Newbie
Registered: Apr 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
will this fix that issue
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
and yes i delete all previous rules.

Old 04-17-2013, 12:09 PM   #4
LQ Newbie
Registered: Jun 2005
Location: Chicago
Distribution: Ubuntu Server & Debian 6
Posts: 23

Rep: Reputation: 1
Since the default policy is to drop everything, you need to also allow icmp echo-reply from destination to source.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall iptables rule jitendra.sharma Linux - General 2 03-14-2013 05:53 AM
iptables: rule with RETURN target just after a rule with ACCEPT target Nerox Linux - Networking 6 09-04-2011 04:33 PM
[SOLVED] [FIREWALL] confused about setting up a specific rule using iptables cryptoboss Linux - Security 4 04-14-2011 10:22 AM
canceling all iptables rule withous diable firewall zodehala Linux - Networking 1 03-07-2009 11:59 AM
iptables firewall rule question xxrsc Linux - Networking 8 06-07-2006 03:57 PM

All times are GMT -5. The time now is 10:30 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration