Hi,
is it possible to have a better configuration of the iptables firewall?
I don't see how to configure the rules when I block everything so that all outgoing traffic stays open (with stateful connections).
Could we have local rules with some scripts or something like that?
Regards,
firewall configuration
-
jeromeb
- Posts: 17
- Joined: Sun Sep 01, 2013 8:48 pm
- Location: Paris / France
-----------------------------------------
AS-604t user
-----------------------------------------
-
Djuuu
- Posts: 6
- Joined: Sat Nov 30, 2013 7:14 am
Re: firewall configuration
Actually, the outgoing connections don't seem to be filtered:
The problem is that there is no rule for RELATED/ESTABLISHED connections in the ACCEPT chain, which means you can send requests outside, but the related responses are filtered.
That is why ADM update, App Central and basically every application with outgoing traffic are broken with the firewall on, unless you also add specific rules for each destination IP on all ports.
Code:
root@dju-nas:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             multiport dports netbios-ns,netbios-dgm,netbios-ssn,445
ACCEPT     tcp  --  anywhere             anywhere             multiport dports www,https
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ssh
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
-
Djuuu
- Posts: 6
- Joined: Sat Nov 30, 2013 7:14 am
Re: firewall configuration
Also, adding the rule that would solve the problem is impossible:
I guess some kernel modules are missing.
Code:
root@dju-nas:~ # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
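The following script is an added example for this thread; it is not ASUSTOR/ADM code and was not posted by either user. It builds the ruleset the first post asks for (everything inbound blocked, the NAS services opened explicitly, replies to the NAS's own outgoing connections accepted statefully) and, before generating anything, probes whether the kernel actually has a stateful match, since the "No chain/target/match by that name" error in the reply above is the kernel rejecting the rule. Two details are worth noting independently of the script: with the original chain, a rule appended with `-A INPUT` lands after the existing `DROP all` and is never reached, so it would have to be inserted with `-I INPUT 1` or the chain rebuilt; and a default-deny INPUT chain without a RELATED,ESTABLISHED rule is exactly the broken state described above, so the script refuses to emit one. The port list mirrors the listing in the first reply (SMB/CIFS, HTTP/HTTPS, SSH) plus NetBIOS name/datagram service over UDP; the scratch chain name `fw_probe_$$` and the `show`/`apply` arguments are my own choices.

```shell
#!/bin/sh
# Added example, not code from the thread or from ASUSTOR's ADM firewall.
# Assumptions: service ports follow the listing in the thread (plus UDP
# NetBIOS); fw_probe_$$ is a throw-away chain name chosen here; rules are
# emitted as text so they can be inspected before anything is applied.

# Find out which stateful match the kernel accepts by really adding a rule
# to a scratch chain. "iptables -m state -h" only loads the userspace
# extension; the error quoted above comes from the kernel, because the
# xt_state / xt_conntrack module is missing, so the probe must reach the
# kernel. Needs root. Prints one of: conntrack | state | none
pick_state_match() {
    chain="fw_probe_$$"
    iptables -N "$chain" 2>/dev/null || return 1
    if iptables -A "$chain" -m conntrack --ctstate ESTABLISHED -j RETURN 2>/dev/null; then
        m=conntrack
    elif iptables -A "$chain" -m state --state ESTABLISHED -j RETURN 2>/dev/null; then
        m=state
    else
        m=none
    fi
    iptables -F "$chain" 2>/dev/null
    iptables -X "$chain" 2>/dev/null
    echo "$m"
}

# Emit the ruleset as iptables commands for the given match name.
# Refuses when no stateful match exists: default-deny inbound without a
# RELATED,ESTABLISHED rule sends every request out and drops every reply.
# The INPUT policy is set last so an SSH session running this over the
# network is not cut off between the flush and the ACCEPT rules, and the
# default deny is a chain policy rather than a trailing "DROP all" rule,
# so rules appended later are still reachable.
gen_fw_rules() {
    case "$1" in
        conntrack) st='-m conntrack --ctstate' ;;
        state)     st='-m state --state' ;;
        *) echo "no stateful match available (xt_conntrack/xt_state missing); not generating a default-deny ruleset" >&2
           return 1 ;;
    esac
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT $st ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT $st INVALID -j DROP
iptables -A INPUT -p tcp -m multiport --dports 137,138,139,445 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
EOF
}

# Usage: sh fw.sh show    -> print the ruleset that would be loaded
#        sh fw.sh apply   -> load it (run as root)
case "${1:-}" in
    show)  gen_fw_rules "$(pick_state_match)" ;;
    apply) gen_fw_rules "$(pick_state_match)" | sh -e ;;
esac
```

If `show` reports that no stateful match is available, try `modprobe xt_conntrack` (or `modprobe xt_state`) first; if the module is not shipped with the kernel, the probe result is the same thing the reply above ran into, and the only safe options are to keep the INPUT policy at ACCEPT or to whitelist each destination explicitly, as that reply describes.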