LinuxQuestions.org
Old 01-01-2007, 01:17 AM   #1
CrEsPo
Member
 
Registered: Apr 2005
Location: Canada
Distribution: Slackware 12
Posts: 184

Rep: Reputation: 30
Only allow outbound connections


I want to block all incoming and forwarding connections, except those necessary for everyday use. I had tried that, but I lose connection to the internet, so obviously there are some exceptions, what are they? I thought just blocking them would be enough, but I need some exceptions.

In summary, I'm looking for exceptions that will allow me to connect to the internet with minimal exceptions used. If it helps, the laptop uses DHCP and uses a network printer. Those are pretty much the only things I would see being needed. Any help is greatly appreciated.
 
Old 01-01-2007, 02:08 AM   #2
bosewicht
Senior Member
 
Registered: Aug 2003
Location: Honolulu, HI
Distribution: Arch
Posts: 1,380

Rep: Reputation: 47
Have you looked into iptables? How are you trying to limit connectivity?
 
Old 01-01-2007, 02:28 AM   #3
CrEsPo
Member
 
Registered: Apr 2005
Location: Canada
Distribution: Slackware 12
Posts: 184

Original Poster
Rep: Reputation: 30
Sorry, that was what I meant. I want to do this using iptables. I tried using "iptables -P INPUT DROP" and "iptables -P FORWARD DROP", but I lost connectivity to the internet, so obviously there are some exceptions which I'm not sure of.
 
Old 01-01-2007, 03:37 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by CrEsPo
Sorry, that was what I meant. I want to do this using iptables. I tried using "iptables -P INPUT DROP" and "iptables -P FORWARD DROP", but I lost connectivity to the internet, so obviously there are some exceptions which I'm not sure of.
well, the FORWARD rule is unrelated if you're not doing forwarding - and it doesn't sound like you are... but check with a:
Code:
cat /proc/sys/net/ipv4/ip_forward
as for the "iptables -P INPUT DROP", you are correct in that you'd need a couple rules in order for that to work... they are:
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
just my ...
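The DROP policies from the question combined with the two exceptions from the answer above, as an added example that is not part of the original thread. The function names are hypothetical, and the audit also accepts the `-m conntrack --ctstate` spelling of the state rule, which the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Ruleset in iptables-save format: the DROP policies from the question plus
# the two exceptions from the answer. Loading it with iptables-restore applies
# policy and rules in one commit, so there is no window with DROP but no rules.
gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Constructed sample: only the policies, as first tried in the question.
policy_only_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Audit iptables-save text on stdin: exit 0 and print "ok" only when INPUT
# defaults to DROP and both exceptions exist; otherwise list what is missing.
# Assumption: "-m conntrack --ctstate" is accepted as the same rule.
audit_ruleset() {
    rules=$(cat)
    missing=""
    has() { printf '%s\n' "$rules" | grep -E -e "$1" >/dev/null; }
    has '^:INPUT DROP' || missing="$missing input-policy-drop"
    has '^-A INPUT .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' \
        || missing="$missing established-related"
    has '^-A INPUT -i lo( .*)? -j ACCEPT' || missing="$missing loopback"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

gen_ruleset | audit_ruleset          # the complete ruleset passes the audit
# As root: gen_ruleset | iptables-restore
```

On a live host the same check can be run as root with `iptables-save -t filter | audit_ruleset`.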
 
Old 01-01-2007, 12:54 PM   #5
CrEsPo
Member
 
Registered: Apr 2005
Location: Canada
Distribution: Slackware 12
Posts: 184

Original Poster
Rep: Reputation: 30
Thank-you, worked like a charm and it's exactly what I needed. Thanks again.
 
  

