Simple iptables script problem.
I'm attempting to create an iptables script for a workstation. At the end I intend to be able to allow more services, but at the moment I'm trying to make it so that the workstation can just surf the net. I have the following script:
#!/bin/bash
#Initial Flush
/sbin/iptables -F
#Default Policy. Drop all incoming and all outgoing packets; explicit rules below allow what is needed.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
#Loopback Rule. Allow all traffic for loopback testing purposes.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
#Test.
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -p TCP --sport 80 -j ACCEPT
#Allow Services Rule.
/sbin/iptables -A OUTPUT -o eth0 -p TCP --sport 32768:61001 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 32768:61001 -j ACCEPT
Now, when this script is run, I can access the Internet but only through IP addresses, no domain names. Do I have to open UDP stuff for DNS to be able to work? And, is there a simpler way of implementing this service without using the port range references?
Many thanks
Rookie.
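The two points the question ends on (whether DNS needs UDP opened, and whether the ephemeral port-range rules can be avoided) can both be seen in a rule set that uses connection tracking for return traffic. The script below is an added example, not the original poster's script; it assumes the interface is eth0 and that the kernel has the conntrack match module. It prints the rules by default so they can be reviewed, and applies them only when run with the argument apply.

```shell
#!/bin/sh
# Added example: workstation egress policy with DNS and web browsing allowed,
# using conntrack state instead of port-range rules for replies.
IFACE="${IFACE:-eth0}"          # assumed interface name
IPT="${IPT:-/sbin/iptables}"    # path to the iptables binary

# Emit the rule set, one command per line, so it can be inspected or piped to sh.
rules() {
    cat <<EOF
$IPT -F
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened are matched by conntrack state,
# so no inbound rule for the 32768:61001 ephemeral range is needed.
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS: resolvers speak UDP 53; TCP 53 is the fallback for truncated answers.
$IPT -A OUTPUT -o $IFACE -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A OUTPUT -o $IFACE -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# Web browsing: new outbound HTTP and HTTPS connections only.
$IPT -A OUTPUT -o $IFACE -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A OUTPUT -o $IFACE -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Count how many rules mention a given protocol/port pair, e.g. "udp --dport 53".
count_rules() {
    rules | grep -c -- "-p $1 --dport $2"
}

# Apply the rules (requires root); otherwise just print them for review.
if [ "${1:-}" = "apply" ]; then
    rules | sh
else
    rules
fi
```

The INPUT chain no longer needs any port-range rule: the ESTABLISHED,RELATED line accepts replies to connections the workstation initiated, which is also what lets the UDP 53 DNS answers back in.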