I'm using the ipset module for iptables to allow only specific IPs in incoming traffic. Here I have allowed only 2 IPs. Only these two IPs can connect to my server.

However, if I do wget 142.250.195.46 it gets stuck on "connecting to...".

Here are the rules. I have allowed all outbound traffic.
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -d 0/0 -m multiport --dport 25,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -m multiport --sport 25,80,443 -m state --state ESTABLISHED -j ACCEPT
ipset create wl nethash
ipset add wl 142.250.195.46/32
ipset add wl 49.34.83.27/32
iptables -A INPUT -m set --match-set wl src -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
Output of iptables -S:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --sports 25,80,443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m set --match-set wl src -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
I can't connect to any website using wget or curl. What could be the possible issue?
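An added example, not part of the question and not something the asker ran: a small Python walker over the INPUT chain exactly as it appears in the posted iptables -S output, with the two ipset members embedded, that reports which rule (or the chain policy) decides a given packet. The packet dictionaries are constructed; run against a NEW connection to port 443 from an address outside the set, it reports ACCEPT from the third rule, which shows that the set rule at the end of the chain is never the deciding one for ports 80 and 443.

```python
"""Walk the INPUT chain of an `iptables -S` dump for one packet and report the deciding rule."""
import ipaddress
import shlex
# INPUT chain and policy copied from the question's `iptables -S` output.
IPTABLES_S = """
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --sports 25,80,443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m set --match-set wl src -j ACCEPT
"""
# ipset 'wl' with the two members added in the question.
IPSETS = {"wl": [ipaddress.ip_network(n) for n in ("142.250.195.46/32", "49.34.83.27/32")]}

def parse(text):
    """Return ({chain: policy}, {chain: [rule token lists]}) from iptables -S lines."""
    policies, chains = {}, {}
    for tok in map(shlex.split, text.strip().splitlines()):
        if tok[0] == "-P": policies[tok[1]] = tok[2]
        else: chains.setdefault(tok[1], []).append(tok[2:])
    return policies, chains

def rule_matches(rule, pkt):
    """pkt keys: iif, proto, src, sport, dport, state (the conntrack state)."""
    i = 0
    while rule[i] != "-j":                      # every match before -j must hold
        t, arg = rule[i], rule[i + 1]
        if t == "-m": ok = True                 # loads a match module, tests nothing
        elif t == "-i": ok = pkt.get("iif") == arg
        elif t == "-p": ok = pkt.get("proto") == arg
        elif t == "--dport": ok = pkt.get("dport") == int(arg)
        elif t in ("--sports", "--dports"):     # t[2:-1] is "sport" / "dport"
            ok = pkt.get(t[2:-1]) in {int(p) for p in arg.split(",")}
        elif t == "--state": ok = pkt.get("state") in arg.split(",")
        elif t == "--match-set":                # arg = set name, next token = src|dst
            addr = ipaddress.ip_address(pkt[rule[i + 2]])
            ok = any(addr in net for net in IPSETS[arg]); i += 1
        else: raise ValueError(f"unsupported match {t}")
        if not ok: return False
        i += 2
    return True

def decide(pkt, chain="INPUT", text=IPTABLES_S):
    """Return (verdict, 1-based rule number), or (policy, None) if nothing matched."""
    policies, chains = parse(text)
    for n, rule in enumerate(chains.get(chain, []), 1):
        if rule_matches(rule, pkt): return rule[-1], n  # -j TARGET is the last token
    return policies[chain], None
```

The same walker applied to the reply half of the wget flow (TCP from 142.250.195.46, source port 80, conntrack state ESTABLISHED) is accepted by the second rule, so the rules as listed do not themselves drop that return traffic.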