Hello all.
I use below iptables command :

# iptables -F INPUT
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -j REJECT

but some programs like tor that use 127.0.0.1 not worked . How can I block all incoming connection without lost localhost.

Thank you.

You add a rule to allow things to that address, on that port, or take that rule out. What are you trying to accomplish with that rule??? And AGAIN, as with most of your threads, you provide NO USEFUL INFORMATION. The same questions apply as they do for every question:

• Verion/distro of Linux
• What you're trying to accomplish
• What you've done/tried so far.

Since you rarely reply to threads or answer questions, it's difficult to put much effort into guessing about answers.

1 members found this post helpful.

I use debian and want to block all incoming connection to my PC. When I use some App like Tor or etc that need 127.0.0.1, They never worked . How can block incoming connection without lost 127.0.0.1


Thanks.

sorry i don't many work ip tables but
you can bock incoming by this commad (you don't block 127.0.0.1)

if my answer is not true sorry my friend

You don't 'block' 127.0.0.1...if you don't want people connecting to your system, then DON'T RUN SERVICES that allow connections. If you don't allow SSH connections from anywhere else, there's no need to 'block' it...same with FTP, HTTP, or any OTHER protocol. You secure those services one by one, providing you run them at all.

If all you're doing is connecting outwards, then you have nothing to 'block'.

can you show me some insecure service to Block ?

It is not True and after it I can't ping 127.0.0.1

AGAIN, if you don't RUN the service, you don't need to BLOCK the service, do you???? ANY service can be 'insecure' and vulnerable...don't run them if you don't need them, period.

Also, AGAIN, as with most of your other threads, you STILL don't say what you're trying to accomplish, or answer questions asked of you.

ok

how this?

plz tell me you can ping or no

plz send email for me :dr98mav@gmail.com

You need a rule to let answer packages in, to let localhost packages in, and to drop anything else:

Thank you so much. I can't ping 127.0.0.1

The second rule should take care of this. What is your OUTPUT policy? Is it ACCEPT? Are there other rules in the OUTPUT chain? What is the exact output of ping? And does ping work if you change the INPUT policy to ACCEPT?

Another possibility for the second rule would be

..if your local interface is named "lo".

Also, can you post the output of

I want to use Tor but i don't lock to open input to my system.

iptables -F
iptables -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 6667 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 6697 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 9050 -j ACCEPT

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP


I use above commands but I can't ping my local network or use "rdesktop" command . How can I solve it? I use Debian.

How do you ping your machine? Do you ping it on IP address or on name?

Also your rules only accept incoming traffic on lo interface but not outgoing on lo. Thus after "iptables -A INPUT -i lo -j ACCEPT" add: "iptables -A OUTPUT -i lo -j ACCEPT"
Nother thing are your last two lines "iptables -A INPUT -j DROP; iptables -A OUTPUT -j DROP". You allready set this at the start. Also it wont hurt its just not needed.