Score:0

No internet access after config iptables

id flag

After that configuration:

iptables -P INPUT DROP
iptables -A INPUT -j DROP
iptables -P OUTPUT ACCEPT
iptables -A OUTPUT -j ACCEPT

Now I can't access the internet normally or through the VPN. What's wrong?

Score:2
ar flag

> Now I can't access the internet normally or through the VPN. What's wrong?

You told your computer to drop any and all incoming packages. It's doing that. Nothing is wrong, but you told your computer to do something which obviously is not what you want.

After setting the default target to DROP, you'll have to add allow rules to allow certain kinds of traffic. This may for instance be established connections:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

This will, roughly speaking, allow answers to outgoing connections. As you don't state what you want to achieve, any more accurate answer is impossible. But a suggestion would be to look into e.g. ufw, as it hides some of the complex magic from you.

id flag
Thanks for the answer. My intention is that of a normal user: nobody can access the machine, but I can navigate the web.
vidarlo avatar
ar flag
If you don't have a fair understanding of how TCP/IP works, you should stay with tools such as `ufw` that hide the details from you. Raw iptables rules require knowledge of how the protocols work.
id flag
I have basic notions. I have been under cyberbullying for 4 years. I discovered yesterday that my ufw was allowing all traffic. I supposed that I had been hacked, so I moved to iptables to do it manually. If you can give any advice or resource, it would be great.
vidarlo avatar
ar flag
UFW is a frontend for iptables. It only helps you configure sane settings in a friendly manner; it relies on iptables for actually handling the traffic.
id flag
Thank you. I thought that if I set OUTPUT to ACCEPT it would allow me. Now, with the command you shared, I can; I hope that my machine will be protected now.
vidarlo avatar
ar flag
Based on your other threads on Unix SE: Consider educating yourself on the operating system you're using; I'm tempted to believe that the *hacking* you're claiming is the result of your own actions, and not any malicious third party.
id flag
I have done a bit of research; can you tell me what the difference is between `conntrack` & `state`, and between `--ctstate` & `--state`? Thank you.
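The stateful ruleset the answer describes, written out for the intent stated in the comments (nothing inbound unless it is a reply to a connection this host opened, outbound free), as an added example that is not from the original post. It is generated in iptables-restore format and printed instead of applied, so it runs without root; the FORWARD policy and the INVALID drop are additions beyond the answer's single rule, and the `-m conntrack --ctstate` form is used because the older `-m state --state` match is its legacy alias.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a non-router host
# that should accept no unsolicited inbound traffic but may browse freely.
# Apply with:  gen_rules | sudo iptables-restore
# Inspect with: sudo iptables -S   (or iptables -L -v -n for counters)
gen_rules() {
    cat <<'EOF'
*filter
# Default policy: drop any inbound packet no rule below accepts.
:INPUT DROP [0:0]
# This host does not route for others, so drop forwarded traffic as well.
:FORWARD DROP [0:0]
# Outbound is allowed; the replies return through the conntrack rule below.
:OUTPUT ACCEPT [0:0]
# Loopback must stay open or local services (resolvers, VPN clients) break.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host started: web, DNS, the VPN tunnel itself.
# `-m conntrack --ctstate` supersedes `-m state --state`; same tracker,
# but conntrack exposes more states (DNAT, SNAT, UNTRACKED) and options.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets the tracker cannot classify are dropped instead of falling through.
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Checks on the generated text. A missing ESTABLISHED,RELATED accept under a
# DROP policy is exactly the "no internet" symptom from the question.
has_established_accept() {
    gen_rules | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT'
}
input_policy() {
    gen_rules | awk '$1 == ":INPUT" { print $2 }'
}
```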