Linux – IPTABLES: Flushing & starting from scratch over SSH – VPS – CentOS 5.5 x86_64

centosiptableslinuxsshvps

I have a VPS with a hosting company so I remotely access it via SSH.
I'm trying to flush all the iptables rules and start from scratch… The problem is that when I type # iptables INPUT DROP (as I wan't to block all incoming and whitelist) then PuTTY drops out and I can't connect.

How can I do this without being booted out by CentOS when I type that command.

Or is there another way to do it.

Thanks

Best Answer

You need to make sure that your existing connections stay open when you add that rule.

-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT

Then add your allow list below this, and finally add a drop line to the END of the INPUT chain

-A INPUT -j DROP

A good read/tutorial for you to start with would be: here

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Would it not be easier to switch off ssh forwarding on the ssh server? Just change AllowTcpForwarding from yes to no in your /etc/ssh/sshd_config. If this doesn't suit, you could try something along the lines of

iptables -A OUTPUT -o eth1 -p tcp --cmd-owner "sshd" -j DROP

Linux – wget blocked by iptables in CentOS 5.5 and iptables 1.3.5

you dont have any rules in the OUTPUT chain and the default policy for it is DROP, so the initial tcp packets sent by your system when you try to open http or smtp connection get dropped. You need to add rules like these to permit outbound http and smtp for wget and email:

iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

you can consolidate them into one rule using multiport:

iptables -A OUTPUT -p tcp -m multiport --dports 25,80 -m state --state NEW -j ACCEPT

Best Answer

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Linux – wget blocked by iptables in CentOS 5.5 and iptables 1.3.5

Related Topic