Change iptables Default Policy to DROP

FREQUENTLY ASKED QUESTIONS (Firewall/iptables)
Q: How to change iptables default policy to DROP?



Default Iptables Chain Policy
By default, the policy of the INPUT, FORWARD and OUTPUT chains in Linux iptables is ACCEPT. You can change this default policy to DROP with the commands listed below.
You must be logged in as root to run all of these commands.
[root@server ~]# iptables -P INPUT DROP
[root@server ~]# iptables -P FORWARD DROP
[root@server ~]# iptables -P OUTPUT DROP


After the INPUT, FORWARD and OUTPUT policies are changed to DROP, all incoming, outgoing and forwarded connections are dropped (denied) by the firewall, so every INPUT, FORWARD and OUTPUT connection you need must be opened in iptables with an explicit rule. If you change the default OUTPUT policy to DROP, you cannot communicate with other systems or networks.


Allow All Outgoing connections
Allow all outgoing connections from the Linux machine. This applies to all connections/packets generated by the system itself.
[root@server ~]# iptables -A OUTPUT -j ACCEPT


[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]


[root@server ~]# service iptables restart

iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

Open Ports for incoming connections
For example, open port 21 in iptables to allow FTP connections from all networks.
[root@server ~]# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT


[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]


[root@server ~]# service iptables restart

iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
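
The same default-DROP policy written as one ruleset for iptables-restore, added here as an example and not part of the original post. Loading it applies the policies and the accept rules in a single commit, so a remote session is not cut off between the policy change and the rules that follow. The function name gen_ruleset, the loopback rule, the ESTABLISHED,RELATED rule (without it, replies to outgoing connections hit the INPUT DROP policy) and port 22 in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit a default-deny filter table in iptables-restore format.
# gen_ruleset and its port arguments are names chosen for this example.

gen_ruleset() {
    # Validate every port before printing anything, so a bad argument
    # never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    printf '%s\n' '*filter'
    # Chain policies: the equivalent of iptables -P <chain> DROP.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT DROP [0:0]'
    # Loopback traffic and packets of connections that are already tracked.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One NEW-connection rule per requested TCP port, as in the page's rule.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
    # Allow all outgoing connections, as on the page.
    printf '%s\n' '-A OUTPUT -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# Print the ruleset when ports are given on the command line, e.g.:
#   sh ruleset.sh 22 21 | iptables-restore --test   # parse only, no commit
#   sh ruleset.sh 22 21 | iptables-restore          # apply in one commit
if [ "$#" -gt 0 ]; then
    gen_ruleset "$@"
fi
```
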
