![]() ![]() When the default policy is DROP for INPUT and OUTPUT chains, for every incoming firewall rule, you need to specify the following two rules. The allow ssh incoming connection rule will not work anymore, because all the outgoing packets are dropped. # iptables -Līut there is a problem here. Now, if you add the allow ssh rule: “iptables -A INPUT -i eth0 -p tcp –dport 22 -j ACCEPT”, and do iptables -L, you’ll notice that it says “(policy DROP)” next to all the three chains. Iptables -A FORWARD -j DROP Option 2: Change the default chain policy to DROPĪt the beginning, execute the following three commands that will change the chain’s default policy to DROP. If you do this, the default chain policy is still ACCEPT, which shouldn’t matter, as you are dropping all the packets at the end anyway. Option 1: Add drop rulesĪt the end, add the following three drop rules that will drop all incoming, outgoing, and forward packets (except those that are defined above these three rules). ![]() # iptables -LĪCCEPT tcp - anywhere anywhere tcp dpt:ssh ![]() This indicates that the default chain policy is ACCEPT. However, we didn’t restrict the outgoing traffic.Īs you notice below, it says “(policy ACCEPT)” next to all the three chain names (INPUT, OUTPUT, and FORWARD). In the above 3 steps we dropped all incoming packets at the end (except incoming ssh). So, both the INPUT and OUTPUT chain’s default policy is ACCEPT. If you don’t what what a chain means, you better read our iptables introduction article. One problem with the above steps is that it doesn’t restrict the outgoing packets.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |