Unix & Linux Asked by steve antwan on December 15, 2021
I have a type of Linux that I only want to use for SSH to other machines. I’m trying to block outbound traffic to prevent auto-updates, viruses, etc.
I can use this to block all traffic except for those on the loopback interface going back into the localhost:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Now how do I allow only SSH traffic out of this interface still? Just keeping port 22 open would be fine as well (non-specific to SSH protocol).
Will I be able to use an X server on the remote machine?
Here's a minimal iptables config:
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
This will allow you to connect only by IP address.
In case you want to enable DNS resolution, add these two rules:
iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
If you know your DNS servers' IP addresses, then it makes sense to allow connections only to them. Add -d DNS_IP_ADDRESS to the above two commands, e.g. iptables -A OUTPUT -d 1.2.3.4 -p tcp -m tcp --dport 53 -j ACCEPT
Answered by Artem S. Tashkinov on December 15, 2021
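The rules from the answer above, written out as an iptables-restore ruleset so they can be syntax-checked and then loaded in one commit instead of rule by rule. This is an added example, not part of the original answer; the function names gen_rules and valid_ipv4 and the FORWARD policy line are assumptions, and loading the output replaces any existing filter-table rules.

```shell
#!/bin/sh
# Added example: print the answer's rules in iptables-restore format.
# Optional arguments: IPv4 addresses of the DNS servers to allow (port 53).

valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_rules() {
    # Validate everything first so a bad argument produces no partial ruleset.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid DNS server address: $ip" >&2; return 1; }
    done
    # FORWARD is not mentioned in the answer; ACCEPT (the default) is assumed.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
    # With no arguments no DNS rule is emitted: SSH by IP address only.
    for ip in "$@"; do
        echo "-A OUTPUT -d $ip -p tcp -m tcp --dport 53 -j ACCEPT"
        echo "-A OUTPUT -d $ip -p udp -m udp --dport 53 -j ACCEPT"
    done
    echo COMMIT
}

# Usage (as root): gen_rules 1.2.3.4 | iptables-restore --test   # parse only
#                  gen_rules 1.2.3.4 | iptables-restore          # apply
```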