Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Network name doesn't mean interface name. It simply means that you can specify a mask. For instance, 10.0.0.0/24. -i (in) or -o (out) work with interface names - depending on how the data flows.
Please don't write a post for each idea you're coming up with. Just edit the initial post or wait for the answer. You've already stated three different things.
The INPUT chain refers only to packets received by the server itself. You don't use INPUT if you want your machine to act as a router (forwarding packets), which you seem to imply in your last post. So what are you trying to do exactly? Is this a web server that you'd like to access only from your LAN? If that's the case, then I don't understand what you mean by going from internal to WAN. It should be only internal and that's that.
INPUT only works with -i, because you're receiving packets through an interface. OUTPUT goes with -o.
I've no idea what pi hole is. I just did a quick search on the internet - some advertisement stuff. How would anyone know where you'd like it to listen? WAN is internet, LAN is your private network. You're jumping from one thing to another and you haven't reacted to either of my posts and you probably haven't tried anything after my suggestions.
Having quickly read (again) about pi hole, I understand that it works as a DNS server which filters ads by simply dropping packets from ad servers (kind of like OpenDNS). This has nothing to do with allowing ports 80, 443 in iptables. The only thing you need to do is to allow udp, tcp port 53 in LAN (which I'm guessing is already allowed, but to answer your question, yes, allow it on LAN, not WAN - unless you're looking to access it from the internet, which I doubt) and then set up your computers to use the pi hole as the DNS server. Then it should work directly. Ideally, you could simply add the pi-hole IP on your DHCP server (probably included in your home router) as the single DNS server used by your network devices, so that you don't need to manually configure each - especially the phones, which would be somewhat harder and annoying to do.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
x x ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
x x ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Do you believe it is another rule, in addition to the rule, that is causing the external ip to load the webpage?
Well I would strongly suggest at least learning the basics of iptables. For instance, here: https://www.digitalocean.com/communi...s-and-commands
The rule you're trying to add doesn't have much of an impact, because you're already allowing everything. You should either change your INPUT policy to DROP, or add an explicit reject/drop rule at the end of your chain. You might also want to add ssh access (at least from the LAN?) to it. So you'd need udp/tcp 53 and tcp 22, 80, 443.
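Putting the advice from this post and the earlier pi-hole post together: the posted chain has policy ACCEPT and no final drop, so any extra ACCEPT rule changes nothing, which is why the web page still loads from the external IP. The script below is an added example, not code from anyone in this thread. It generates (without applying) an iptables-restore ruleset with a DROP policy, the loopback and RELATED,ESTABLISHED rules already on the box, DNS (udp/tcp 53), ssh (22) and the pi-hole web UI (80, 443) allowed only on the LAN interface and from the LAN subnet, and an explicit final REJECT. The interface name eth0 and the subnet 10.0.0.0/24 are assumptions (placeholders); set LAN_IF and LAN_NET to match your system.

```shell
# Added example, not from the thread. Assumed values; override via the environment.
LAN_IF="${LAN_IF:-eth0}"            # assumption: the LAN-facing interface name
LAN_NET="${LAN_NET:-10.0.0.0/24}"   # assumption: the LAN subnet

# Print a complete filter table in iptables-restore format. Nothing is applied
# here; review the output first, then load it with iptables-restore.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host started (same as the posted chain)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# pi-hole DNS: udp and tcp 53, LAN only. -i pins the rule to the LAN interface
# (INPUT only takes -i), -s to the LAN subnet; nothing here matches on the WAN side.
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p udp --dport 53 -j ACCEPT
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp --dport 53 -j ACCEPT
# ssh and the pi-hole web UI, LAN only
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp -m multiport --dports 22,80,443 -j ACCEPT
# explicit final reject: with this in place the chain is closed even if the
# policy is later flipped back to ACCEPT by mistake
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Sanity check on the generated text: every ACCEPT rule that opens a port must
# name the LAN interface. Exit status 0 if so, 1 if any service rule would be
# reachable from the WAN.
lan_only() {
    ! gen_rules | grep -- '--dport' | grep -- '-j ACCEPT' | grep -qv -- "-i ${LAN_IF} "
}
```

Usage: `gen_rules | sudo iptables-restore --test` parses the ruleset without committing it; drop `--test` to apply. `iptables -L INPUT -v -n` afterwards should show `policy DROP` and the LAN interface in the `in` column of each service rule, unlike the `*` in the posted output.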