I'm trying to set up iptables to block all traffic except ssh but, no matter what I do, it's blocking outgoing ssh. The commands that I'm using are shown below. Oddly, I can SSH into the box, just not out.
I used an online tool to create an iptables firewall. Basically I just need ports 22 and 1194 open to the outside world. But I noticed this bash script has the input, forward and output chains set to accept by default. Is it blocking all traffic but those two ports? Thanks.
I'm trying to find out why changing my default iptables policy is affecting what nmap sees when it scans my host.
Consider the following iptables setup:
iptables -F
iptables -A INPUT -p tcp -s 10.1.0.0/20 --dport 22 -j ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j AC
I'd like to allow mail through iptables with a DROP policy, but this script doesn't work. What is wrong here:
## Flush rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# localhost
iptables -A INPUT -i lo -j ACCEPT
# Allow my ip
iptables -A INPUT -s MY_IP -j ACCEPT
# 80 port
iptables -A I
I have the following rules:
iptables -t filter -A OUTPUT -o $IFACE -p all -j DROP
iptables -t filter -A OUTPUT -o $IFACE -p all -d $HOSTEXCEPTION -j ACCEPT
They drop everything without excepting the addresses.
With UFW, I disabled all outgoing and incoming traffic by default. However, I do allow port 80 in and out:
sudo ufw default deny incoming (deny all incoming)
sudo ufw default deny outgoing (deny all outgoing)
sudo ufw allow in 80/tcp (accept all incoming tcp from port 80)
sudo ufw allow out 80/tcp (accept all outgoing tcp to port 80)
Yet, the following commands don't seem to work.
I've just been wanting to share/discuss/improve my knowledge of iptables firewalls, so if you have any comments, criticisms, or just ideas, please comment.
Basic locked down workstation firewall. Only allows outgoing web browsing and pinging other machines.
Code:
#!/bin/bash
## First, set default policy and flush existing rules.
Is there any difference between dropping unmatched packets with a default policy vs. -j DROP at the end?
Like:
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
vs
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
The reason I care is that I can't create a chain with logging and assign it as the default policy, so I would need to use the second example.
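The three problems raised above (outbound ssh dying under a DROP policy because the replies are never accepted, an exception ACCEPT that sits after the catch-all DROP and therefore never matches, and wanting a "log then drop" default when a user-defined chain cannot be set with -P) share one answer: build the ruleset once, in order, and load it atomically. The script below is an added example, not code from any of the posts above. It renders an iptables-restore file rather than running iptables line by line, so there is no window where half the rules are loaded. The admin network 10.1.0.0/20 is taken from the post above; the interface name eth0 and the exception host 192.0.2.10 (a TEST-NET-2 address) are assumptions for illustration and should be replaced.

```shell
#!/bin/sh
# Added example: stateful host firewall rendered in iptables-restore format.
# Not from the original posts. ADMIN_NET comes from the post above; IFACE and
# HOST_EXCEPTION are assumed placeholder values.
ADMIN_NET="${ADMIN_NET:-10.1.0.0/20}"
IFACE="${IFACE:-eth0}"                          # assumed interface name
HOST_EXCEPTION="${HOST_EXCEPTION:-192.0.2.10}"  # assumed; TEST-NET-2 address

# Print the complete ruleset. The default policies stay DROP as a safety net,
# but every packet that reaches the end of INPUT/OUTPUT hits LOGDROP first,
# which is the only way to get a logged "default" since -P cannot name a chain.
render_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
# LOGDROP: rate-limited log, then drop. Appended as the last rule of a chain.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
# Loopback and connection tracking come first. Without ESTABLISHED,RELATED on
# INPUT, replies to this host's own outbound connections (outgoing ssh, DNS)
# are dropped even though OUTPUT let the request leave.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $IFACE -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOGDROP
# OUTPUT: the ESTABLISHED,RELATED rule keeps the ssh session you are loading
# this from alive. First match wins, so the exception ACCEPT must be listed
# before the terminal LOGDROP, never after it.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $IFACE -d $HOST_EXCEPTION -j ACCEPT
-A OUTPUT -o $IFACE -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $IFACE -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOGDROP
COMMIT
EOF
}

# Line number (1-based) of the first rendered line containing the literal $1.
rule_position() {
    render_ruleset | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Pre-load check for the ordering bug: the exception ACCEPT must precede the
# terminal LOGDROP in OUTPUT, otherwise it is dead. Returns 0 when ordered.
exception_precedes_drop() {
    acc=$(rule_position "-A OUTPUT -o $IFACE -d $HOST_EXCEPTION -j ACCEPT")
    drop=$(rule_position "-A OUTPUT -j LOGDROP")
    [ -n "$acc" ] && [ -n "$drop" ] && [ "$acc" -lt "$drop" ]
}

# Check that both filter chains end in the logging chain.
chains_end_in_logdrop() {
    [ "$(render_ruleset | grep -c -F -- '-j LOGDROP')" -eq 2 ]
}

# Atomic load: nothing changes unless the whole file parses. Only run this as
# root on the target host; `render_ruleset` alone is safe to inspect anywhere.
apply_ruleset() {
    exception_precedes_drop && chains_end_in_logdrop || return 1
    render_ruleset | iptables-restore
}

# Usage:  sh firewall.sh            # print the ruleset for review
#         sh firewall.sh apply      # load it (root)
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
elif [ "${1:-}" = "" ] && [ -t 1 ]; then
    render_ruleset
fi
```

Inspect `render_ruleset` output before applying; if you are loading over ssh from outside ADMIN_NET, widen the port-22 rule first or you will lock yourself out, because the DROP policy plus LOGDROP has no other path in.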
I have these drop rules:
iptables -t mangle -P FORWARD DROP
iptables -P FORWARD DROP
iptables -t mangle -P INPUT DROP
iptables -P INPUT DROP
iptables -t mangle -P OUTPUT DROP
iptables -t nat -P OUTPUT DROP
iptables -P OUTPUT DROP
iptables -t nat -P PREROUTING DROP
iptables -t mangle -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t mangl