Proper OUTPUT Chain on iptables

I'm still pretty new to firewalls in general. I understand all the basics and can view, add, remove, edit, export, import, flush, restore... all that good stuff. I'm to the point where I want to start really implementing rules and using iptables. I'm not using ufw at all either; I prefer to do it raw so I really understand what's happening.

At this point, I've got my INPUT chain set. Anything hitting my main VPS is only the traffic I expect to receive and is jumped to ACCEPT, all else is dropped.

I was hoping to get some thoughts behind the OUTPUT chain. What kinds of rules would you set up and why? If I'm in control of my server do I really need to set up outbound rules?

What are some common OUTPUT rules that you guys use? In what environment are these rules used? What are the thoughts behind these rules?

Comments

  • I am a Linux noob I prefer ufw firewall over iptables because it is very easy....you should too...

  • @noaman said:
    I am a Linux noob I prefer ufw firewall over iptables because it is very easy....you should too...

    No, bad... bad

  • exception0x876 Member, Host Rep, LIR

    Just leave the OUTPUT chain with an ACCEPT-all policy. Usually you don't want to make life harder for yourself, unless you run some serious business app on your server. But then you should also configure SELinux, which will prevent unauthorized apps from hitting the Internet anyway.

    Thanked by 1grimsdottir
  • Ikoula Member, Host Rep

    I was about to give the same kind of answer as @exception0x876 did. If your server is clean and does not contain sensitive data, you can open outbound traffic; there is no big deal.

    On the other hand, if you want to secure it at all costs, you can run a netstat command and only open the ports used by the services running on your server.

    Thanked by 1grimsdottir
  • gbshouse Member, Host Rep

    You can rate limit outgoing ICMP; it helps in case of certain amp attacks

  • So it sounds like I was on the right track with my original thought process.

    Thanks, you guys.

  • edited April 2016

    @grimsdottir said:
    I prefer to do it raw so I really understand what's happening.

    100% on the money...the only way to really know what is going on.
    And that should go for everything not just iptables.

    Personally, I set my default OUTPUT policy to DROP.

    I like to know and control everything that goes in and out of my servers.

    There are no common rules, it depends on what you are running on your server that you want to allow outbound communications.

    Thanked by 1grimsdottir
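
An added example, not part of any post in the thread: one way to combine the suggestions above (default-DROP OUTPUT policy, only the ports your services need, rate-limited outgoing ICMP) as a script that prints the iptables commands for review without applying them. The allowlist entries, the ICMP and log rates, and the `OUT-DROP: ` log prefix are assumptions to adapt to your server.

```shell
#!/bin/sh
# Prints (does not apply) iptables commands for a default-DROP OUTPUT chain
# built from an allowlist of "proto:port" destinations.

valid_entry() {
    # Accept only tcp|udp plus a numeric port 1..65535 without leading zeros,
    # so nothing else can end up inside a generated command line.
    case "$1" in
        tcp:*|udp:*) ;;
        *) return 1 ;;
    esac
    _port=${1#*:}
    case "$_port" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#_port}" -le 5 ] && [ "$_port" -le 65535 ]
}

gen_output_rules() (
    # Validate the whole allowlist first so a bad entry yields no partial ruleset.
    for e in "$@"; do
        valid_entry "$e" || { echo "invalid allowlist entry: $e" >&2; exit 1; }
    done
    # Open the policy before flushing so a re-run never strands a live session.
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -F OUTPUT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # ICMP is limited before the conntrack rule; otherwise replies to inbound
    # pings match ESTABLISHED and bypass the limit.
    echo "iptables -A OUTPUT -p icmp -m limit --limit 5/second --limit-burst 10 -j ACCEPT"
    echo "iptables -A OUTPUT -p icmp -j DROP"
    # Replies for connections that the INPUT chain already accepted.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New outbound connections, one rule per allowlisted destination port.
    for e in "$@"; do
        echo "iptables -A OUTPUT -p ${e%%:*} --dport ${e#*:} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate limited) what is about to be dropped, to find missing rules.
    echo "iptables -A OUTPUT -m limit --limit 6/minute -j LOG --log-prefix \"OUT-DROP: \""
    # The DROP policy goes last, after every ACCEPT rule is in place.
    echo "iptables -P OUTPUT DROP"
)

# Constructed sample allowlist: DNS, NTP, HTTP and HTTPS.
gen_output_rules udp:53 tcp:53 udp:123 tcp:80 tcp:443
```

Review the printed commands, then run them as root from a console session; traffic that shows up under the log prefix points to an allowlist entry you still need.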