# iptables -F INPUT
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -j REJECT
but some programs like Tor that use 127.0.0.1 did not work. How can I block all incoming connections without losing localhost?
You add a rule to allow things to that address, on that port, or take that rule out. What are you trying to accomplish with that rule??? And AGAIN, as with most of your threads, you provide NO USEFUL INFORMATION. The same questions apply as they do for every question:
Version/distro of Linux
What you're trying to accomplish
What you've done/tried so far.
Since you rarely reply to threads or answer questions, it's difficult to put much effort into guessing about answers.
I use Debian and want to block all incoming connections to my PC. When I use some apps like Tor etc. that need 127.0.0.1, they never work. How can I block incoming connections without losing 127.0.0.1?
You don't 'block' 127.0.0.1...if you don't want people connecting to your system, then DON'T RUN SERVICES that allow connections. If you don't allow SSH connections from anywhere else, there's no need to 'block' it...same with FTP, HTTP, or any OTHER protocol. You secure those services one by one, providing you run them at all.
If all you're doing is connecting outwards, then you have nothing to 'block'.
AGAIN, if you don't RUN the service, you don't need to BLOCK the service, do you???? ANY service can be 'insecure' and vulnerable...don't run them if you don't need them, period.
Also, AGAIN, as with most of your other threads, you STILL don't say what you're trying to accomplish, or answer questions asked of you.
The second rule should take care of this. What is your OUTPUT policy? Is it ACCEPT? Are there other rules in the OUTPUT chain? What is the exact output of ping? And does ping work if you change the INPUT policy to ACCEPT?
Another possibility for the second rule would be
Code:
iptables -A INPUT -i lo -j ACCEPT
..if your local interface is named "lo".
Also, can you post the output of
Code:
ifconfig -a
I want to use Tor but I don't like to open input to my system.
How do you ping your machine? Do you ping it on IP address or on name?
Also your rules only accept incoming traffic on the lo interface but not outgoing on lo. Thus after "iptables -A INPUT -i lo -j ACCEPT" add: "iptables -A OUTPUT -o lo -j ACCEPT"
Another thing is your last two lines "iptables -A INPUT -j DROP; iptables -A OUTPUT -j DROP". You already set this at the start. Also, it won't hurt; it's just not needed.
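Why the ruleset in the first post breaks connections to 127.0.0.1, and why the position of the loopback rule matters, shown as a small first-match model of the INPUT chain. This is an added example, not code from any poster in the thread; the rule encoding, the packet fields and the interface name eth0 are assumptions made for the illustration.

```python
# Minimal first-match model of an iptables chain (added illustration).
# A rule is (match_dict, target); an empty match_dict matches every packet.

def verdict(rules, packet, policy="ACCEPT"):
    """Return the target of the first rule whose matches all equal the packet's fields."""
    for match, target in rules:
        if all(packet.get(field) == value for field, value in match.items()):
            return target
    return policy  # chain policy applies only if no rule matched

ESTABLISHED = ({"state": "ESTABLISHED"}, "ACCEPT")  # -m state --state ESTABLISHED -j ACCEPT
LOOPBACK = ({"iface": "lo"}, "ACCEPT")              # -i lo -j ACCEPT
REJECT_ALL = ({}, "REJECT")                         # -j REJECT

# Ruleset from the first post.
original = [ESTABLISHED, REJECT_ALL]
# Loopback rule placed before the catch-all REJECT.
fixed = [ESTABLISHED, LOOPBACK, REJECT_ALL]
# What "-A INPUT -i lo -j ACCEPT" produces if run while REJECT is already
# in the chain: -A appends, so the loopback rule is never reached.
misordered = [ESTABLISHED, REJECT_ALL, LOOPBACK]

# Constructed sample packets as the INPUT chain would see them.
PACKETS = {
    # First packet of a local client connecting to a local service on 127.0.0.1
    "lo_new": {"iface": "lo", "state": "NEW"},
    # Reply belonging to a connection this host opened outwards
    "eth0_established": {"iface": "eth0", "state": "ESTABLISHED"},
    # Unsolicited connection attempt from the network
    "eth0_new": {"iface": "eth0", "state": "NEW"},
}

def evaluate(rules):
    """Map each sample packet name to the verdict the ruleset gives it."""
    return {name: verdict(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("original", original), ("fixed", fixed),
                         ("misordered", misordered)):
        print(label)
        for name, result in evaluate(rules).items():
            print(f"  {result:7} {name}")
```

In the model, only the `fixed` ordering accepts new loopback connections while still rejecting unsolicited traffic from the network; on a live chain that ordering is obtained by flushing and re-adding the rules in sequence, or by inserting the loopback rule with `-I` instead of `-A`.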