Thibauld - Imagination and Execution -

5Feb/100

Configuring iptables to allow internet surfing while blocking all unsolicited incoming connections


I'm so used to connecting to the Internet through network masquerading (NAT) that I was really surprised today when I realised that my laptop was actually receiving a lot of unsolicited connection attempts from random external machines. Then I remembered that, by default, a Freebox gives you a public IP!

It would not have been an issue if I were not doing web development on my laptop using a local (badly configured) web server, which happened to be reachable from the whole Internet... Oops :)

A few iptables commands later, everything was secured:

# Accept everything on the loopback interface. Matching on the interface (-i lo)
# rather than on source 127.0.0.1 means a packet arriving from the network with a
# forged loopback source address does not match this rule.
iptables -A INPUT -i lo -j ACCEPT
# Accept replies to connections this machine initiated (and related traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Default policies, set after the ACCEPT rules so existing sessions are not cut:
# drop everything else coming in or passing through, allow everything outgoing
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

The above lines configure iptables (the firewall) to drop every incoming connection except those belonging to a connection I established with a remote server. Indeed, the server you are connecting to needs to be able to send information back to your machine for you to receive it (blocking all incoming traffic would be the same as unplugging the network cable).
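To make the stateful behaviour of that rule set concrete, here is a small model of it (an added example, not code from the post): a flow table stands in for the kernel's connection tracking, loopback is matched by interface (-i lo) rather than by source address, and the addresses, ports and packets are constructed for illustration.

```python
# Added example: a toy model of the iptables policy above (INPUT DROP, OUTPUT
# ACCEPT, accept loopback, accept ESTABLISHED,RELATED). Addresses, ports and the
# flow table are constructed for illustration; real conntrack is far richer.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on or leaves by, e.g. "lo", "eth0"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFilter:
    # Flows this host initiated, stored as the (src, sport, dst, dport) tuple a
    # reply packet would carry, so lookups are a single set membership test.
    conntrack: set = field(default_factory=set)

    def output(self, pkt: Packet) -> str:
        # -P OUTPUT ACCEPT: everything leaves, and the flow is remembered so the
        # answer coming back counts as ESTABLISHED.
        self.conntrack.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "ACCEPT"

    def input(self, pkt: Packet) -> str:
        if pkt.iface == "lo":
            return "ACCEPT"          # -A INPUT -i lo -j ACCEPT
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.conntrack:
            return "ACCEPT"          # -m state --state ESTABLISHED,RELATED
        return "DROP"                # -P INPUT DROP: unsolicited traffic


def demo() -> dict:
    """Run four constructed packets through the model and return the verdicts."""
    fw = StatefulFilter()
    me, web, stranger = "203.0.113.10", "198.51.100.80", "192.0.2.7"  # constructed
    fw.output(Packet("eth0", me, 51000, web, 80))  # I open a connection to a site
    return {
        "reply_to_my_request": fw.input(Packet("eth0", web, 80, me, 51000)),
        "unsolicited_probe": fw.input(Packet("eth0", stranger, 4444, me, 80)),
        "local_dev_server": fw.input(Packet("lo", "127.0.0.1", 40000, "127.0.0.1", 8000)),
        "spoofed_loopback_src": fw.input(Packet("eth0", "127.0.0.1", 40000, me, 8000)),
    }
```

The last case is what an interface match buys over `-s 127.0.0.1`: a packet from the network claiming a loopback source is still dropped. Rules entered this way live only in the running kernel, so they need to be saved or re-applied at boot to persist.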

I thought it might be useful to some of you too...
