firewall script

dlugasx · 02-02-2011, 07:55 AM

Hi Gurus,

I have a problem with my firewall script.

Code:

#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# OPEN PORTS

#SMTP port 25
iptables -A INPUT -p tcp --dport 25 -j ACCEPT

#SMTP port 993
#iptables -A INPUT -p tcp --dport 993 -j ACCEPT

#SMTP port 995
#iptables -A INPUT -p tcp --dport 995 -j ACCEPT

#SMTP port 110
iptables -A INPUT -p tcp --dport 110 -j ACCEPT

#SMTP port 143
iptables -A INPUT -p tcp --dport 143 -j ACCEPT

#HTTP port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Could You please tell me why ping google.com(from command line) doesnt work ?
It looks like my firewall blocking something which is responsible for name resolving. What should I change to have possibility for pinging ?

Dlugasx

Oliv' · 02-02-2011, 09:44 AM

Hello,

Well it simply does not work because you told your firewall to drop every outgoing and incoming packets by default and you have never setup a rule like:

Code:

iptables -A OUTPUT -p icmp --icmp-type 8 -s $SERVER_IP -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $SERVER_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

to enable ICMP requests.

Regards,

Oliv'