Block all outgoing network requests except SSH

Unix & Linux Asked by steve antwan on December 15, 2021

I have a type of linux that I only want to use for SSH to other machines. I’m trying to block outbound traffic to prevent auto-updates, viruses, etc.

I can use this to block all traffic except traffic on the loopback interface going back into localhost:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Now how do I allow only SSH traffic out of this interface still? Just keeping port 22 open would be fine as well (non-specific to SSH protocol).

Will I be able to use an X server on the remote machine?

One Answer

Here's a minimal iptables config:

# Inbound: default-deny, then allow loopback and replies to connections this host opened
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Outbound: default-deny, then allow loopback, existing connections, and new TCP to port 22 only
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT

This will only allow connecting by IP address.

If you want to enable DNS resolution, add these two rules:

iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

If you know your DNS servers' IP addresses, then it makes sense to allow connections only to them. Add -d DNS_IP_ADDRESS to the above two commands, e.g. iptables -A OUTPUT -d 1.2.3.4 -p tcp -m tcp --dport 53 -j ACCEPT

Answered by Artem S. Tashkinov on December 15, 2021
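The ruleset above is applied one rule at a time, so if the commands are typed into an existing SSH session there is a moment after the first -P DROP where nothing is accepted yet. The script below is an added example, not part of the original answer: it renders the same ruleset, with outbound DNS pinned to the resolver addresses passed on the command line, in iptables-restore format so the whole table is swapped in one atomic step. It uses -m conntrack --ctstate, the current form of the answer's -m state --state match, and sets FORWARD to DROP as well since this host is not a router. The resolver addresses used in the usage lines (192.0.2.53, 198.51.100.53) are constructed placeholders, and the rules cover IPv4 only; an IPv6-capable host needs the same treatment with ip6tables-restore.

```shell
#!/bin/sh
# Added example (not from the original answer): render the answer's ruleset in
# iptables-restore format so it can be loaded atomically, with outbound DNS
# allowed only to the resolver addresses given as arguments.
#
# Usage: gen_rules DNS_IP [DNS_IP ...] | sudo iptables-restore

gen_rules() {
    # Filter table header: default-deny on all three built-in chains.
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT'

    # One UDP and one TCP rule per resolver address; without arguments no DNS
    # is allowed at all, matching the answer's "IP address only" baseline.
    for dns in "$@"; do
        printf '%s\n' "-A OUTPUT -d $dns -p udp -m udp --dport 53 -j ACCEPT"
        printf '%s\n' "-A OUTPUT -d $dns -p tcp -m tcp --dport 53 -j ACCEPT"
    done

    printf '%s\n' 'COMMIT'
}

# Sanity check before loading: number of OUTPUT rules that ACCEPT.
# Expect 3 fixed rules (lo, ESTABLISHED, port 22) plus 2 per resolver.
count_output_accepts() {
    gen_rules "$@" | grep -c '^-A OUTPUT .*-j ACCEPT$'
}

# Load the rendered table in one step (requires root). iptables-restore
# replaces the whole filter table atomically, so there is no window where the
# policy is already DROP but the loopback/ESTABLISHED rules are not yet present.
apply_rules() {
    gen_rules "$@" | iptables-restore
}

# Render with two constructed resolver addresses; pipe to iptables-restore to apply.
gen_rules 192.0.2.53 198.51.100.53
```

Run it without arguments to get the answer's bare ruleset, or with your resolver addresses to get the pinned DNS rules; pipe the output through `iptables-restore` (as root) to load it, and `iptables-save` afterwards to confirm what the kernel actually holds.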
