iptables block everything except http

Posted by arminb on Super User See other posts from Super User or by arminb
Published on 2012-11-14T15:29:51Z Indexed on 2012/11/14 17:07 UTC
Read the original article Hit count: 211

Filed under:

linux

|

linux-mint

|

iptables

I'm trying to configure my iptables to block any network traffic except HTTP:

iptables -P INPUT DROP #set policy of INPUT to DROP
iptables -P OUTPUT DROP #set policy of OUTPUT to DROP

iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

The iptables output (iptables -L -v) gives me:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   745 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:http state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   330 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED

When I try to wget 127.0.0.1 (yes i do have a web server and it works fine) i get:

--2012-11-14 16:29:01--  http://127.0.0.1/
Connecting to 127.0.0.1:80...

The request never finishes. What am I doing wrong? I'm setting iptables to DROP everything by default and add a rule to ACCEPT HTTP.

© Super User or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about linux-mint

Linux Mint vs Kubuntu

as seen on Super User - Search for 'Super User'
I'm currently running Kubuntu Karmic Koala and are eager to upgrade to 10.04 the end of the month. But I've also spotted Linux Mint and heard a couple of good things about it. It looks snazzy but I was wondering how it compares to Ubuntu/Kubuntu. For those that ran both can you provide some pros and… >>> More
How do I install fonts on Linux Mint?

as seen on Super User - Search for 'Super User'
I have some external fonts called Eaglefeather (Frank Lloyd Wright fonts) and I want to install them on to my Linux machine running Linux Mint 7 (Ubuntu based). I can't seem to get them to install which looks to me like just copying them to the /usr/local/share/fonts directory. >>> More
Linux Mint 8 KDE Review

as seen on Internet.com - Search for 'Internet.com'
<b>Desktop Linux Reviews:</b> "I’ve been somewhat tardy in getting to the KDE version of Linux Mint 8. But I’ve finally been able to sit down with it and thus couldn’t resist writing a review." >>> More
Linux Mint 8 LXDE CE Review: LXDE Done Right

as seen on Internet.com - Search for 'Internet.com'
<b>The Linux Critic:</b> "Ever since I got up close and personal with LXDE a few months ago, I’ve had my eye out for a distro that had a solid instance of LXDE as its default desktop environment. LXDE is getting more press and more attention, but the number of distros that… >>> More
Linux Mint 13 64bit Cinnamon and Oracle Virtualbox: 3d acceleration crash

as seen on Super User - Search for 'Super User'
I've recently got an interest in Linux. After some research, it looks like Linux Mint 13 cinnamon is hot and I thought I'd try it out... I'm running Windows 7 64bit and have experience with Oracle Virtual Box. So I thought it would be a good idea to try out Linux Mint inside Virtual Box. I download… >>> More