I have four interfaces on my system (eth0, eth1, eth2, and eth3). I want to block all incoming and outgoing traffic on eth2 except for port 80 and 443, although I'm only worrying about 80 right now. The IPtables commands I'm using are as follows:
/sbin/iptables -A FORWARD -i eth2 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -o eth2 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p tcp --dport 53 -m state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -o eth2 -p tcp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p udp --dport 53 -m state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -o eth2 -p udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -j DROP
/sbin/iptables -A FORWARD -o eth2 -j DROP
Quite simply, this isn't working. All traffic on eth2 is blocked including that on port 80. Any ideas or ways to probe for where the problem lies? I have minimal experience with IPtables so I'm not sure where to start. Thanks!
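Two things help with a question like this: a rule set that states the intended policy in one place, and a way to read the per-rule packet counters so you can see which rule the traffic is actually hitting. The script below is an added example, not the asker's rules and not from anyone in the thread. It assumes eth2 is the interface to restrict, that TCP 80 and 443 are the only services it should accept, and that counters are listed with iptables -L CHAIN -v -n -x (exact counters, no name lookups). The sample counter listing embedded at the bottom is constructed for the example, not captured from a real host. Nothing in the script calls iptables itself; emit_rules prints the commands so they can be reviewed and then piped to a root shell.

```shell
#!/bin/sh
# Added example; not the original poster's rules. Assumed settings below.
IPT=${IPT:-/sbin/iptables}
IFACE=${IFACE:-eth2}                          # interface to restrict (assumed)
ALLOWED_TCP_PORTS=${ALLOWED_TCP_PORTS:-"80 443"}   # services to accept (assumed)

# Print the rule set (review it, then apply with:  sh thisfile.sh | sudo sh).
# One ESTABLISHED,RELATED rule per chain accepts reply packets of any
# connection that was already allowed, so the per-port "--sport" rules from
# the question are not needed.
emit_rules() {
    # replies to connections already accepted
    printf '%s -A INPUT -i %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$IPT" "$IFACE"
    printf '%s -A OUTPUT -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$IPT" "$IFACE"
    printf '%s -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$IPT"
    # new connections on the allowed ports, both to the host (INPUT) and
    # routed through it (FORWARD)
    for port in $ALLOWED_TCP_PORTS; do
        printf '%s -A INPUT -i %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$IPT" "$IFACE" "$port"
        printf '%s -A FORWARD -i %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$IPT" "$IFACE" "$port"
    done
    # log (rate limited) what is about to be dropped, so the kernel log shows
    # which packets the policy rejects, then drop everything else on IFACE
    for chain_flag in "INPUT -i" "OUTPUT -o" "FORWARD -i" "FORWARD -o"; do
        printf '%s -A %s %s -m limit --limit 5/min -j LOG --log-prefix "%s-drop: "\n' \
            "$IPT" "$chain_flag" "$IFACE" "$IFACE"
        printf '%s -A %s %s -j DROP\n' "$IPT" "$chain_flag" "$IFACE"
    done
}

# Troubleshooting helper. Feed it the output of:  iptables -L CHAIN -v -n -x
# It prints the rules whose packet counter is still zero, i.e. rules no
# packet has matched yet. Columns are: pkts bytes target prot opt in out ...
rules_never_matched() {
    awk '$1 == "Chain" || $1 == "pkts" || NF == 0 { next }  # skip headers
         $1 == 0 { print }'
}

# Total packets that hit DROP rules in the same listing. A growing number
# here while the ACCEPT lines stay at zero means traffic reaches the chain
# but fails to match the ACCEPT rules placed above the DROP.
dropped_packets() {
    awk '$1 == "Chain" || $1 == "pkts" || NF == 0 { next }
         $3 == "DROP" { n += $1 }
         END { print n + 0 }'
}

# Constructed sample listing (not from a real host), shaped like the
# question's FORWARD chain after some port-80 traffic was forwarded.
SAMPLE_LISTING='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       2520 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
      38      40120 ACCEPT     tcp  --  *      eth2    0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED
      17       1360 DROP       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
       0          0 DROP       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0'

case "${1:-emit}" in
    emit)  emit_rules ;;
    probe) printf '%s\n' "$SAMPLE_LISTING" | rules_never_matched ;;
esac
```

Run it with no argument to print the rules, or with "probe" to see the helper applied to the constructed listing (only the final "-o eth2" DROP rule shows a zero counter there, and dropped_packets reports 17). On a real host, replace the sample with the live listing: if all counters in a chain stay at zero, packets are not reaching that chain at all (host-bound traffic goes through INPUT/OUTPUT, only routed traffic through FORWARD, which is the distinction the question's rules mix); if the DROP counters grow, the ACCEPT rules above them are not matching, and the "eth2-drop:" lines in dmesg show exactly which packets were rejected. Note that, unlike the question's rules, this policy does not open port 53, so the host's own DNS on eth2 would be dropped unless it is added to ALLOWED_TCP_PORTS or given its own rule.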
Answer
It now looks like you were allowing the traffic all along.