Ginger iptables outbound rules

posted Nov 6, 2017, 12:39 PM by Dong Xu

-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 68 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A OUTPUT -j DROP

-------------------------

Adding an Output port to Ginger: Live

  1. Determine where to insert the new rule: sudo iptables --line-numbers -L OUTPUT
  2. Look for the line number of the last statement. (Should be the drop statement.)
  3. sudo iptables -I OUTPUT <number from step 2> -p <tcp/udp> --dport <port> -j ACCEPT
     (-I inserts at that position, so the new rule lands just before the drop statement.)

Adding an Output port to Ginger: Permanent

  1. sudo vi /etc/iptables/rules.v4
  2. Add -A OUTPUT -p <tcp/udp> -m <tcp/udp> --dport <port> -j ACCEPT just before the -A OUTPUT -j DROP line.
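
The permanent procedure above as a script, added here as an example and not part of the original wiki page. The function names add_output_port and sample_rules, the sample rules and port 5432 are assumptions made for illustration. The function refuses to edit a file that has no -A OUTPUT -j DROP line and does nothing if the rule is already present, since a rule placed after the DROP would never match.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not Ginger's real file).
sample_rules() {
    cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
EOF
}

# add_output_port RULES_FILE PROTO PORT
# Inserts the ACCEPT rule immediately before "-A OUTPUT -j DROP".
# Returns 0 on success or if already present, 2 on bad input, 3 if no DROP line.
add_output_port() {
    file=$1 proto=$2 port=$3
    drop='-A OUTPUT -j DROP'

    case $proto in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 2; }

    rule="-A OUTPUT -p $proto -m $proto --dport $port -j ACCEPT"

    # Without the catch-all DROP there is no safe insertion point.
    grep -qxF -- "$drop" "$file" || { echo "no '$drop' line in $file" >&2; return 3; }
    # Idempotent: an exact duplicate is not added twice.
    if grep -qxF -- "$rule" "$file"; then return 0; fi

    tmp=$(mktemp) || return 1
    # Print the new rule once, right before the first DROP line; copy everything else.
    awk -v rule="$rule" -v drop="$drop" \
        '$0 == drop && !seen { print rule; seen = 1 } { print }' "$file" > "$tmp" \
        && cat "$tmp" > "$file"    # cat keeps the original file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a temporary copy of the sample; /etc/iptables/rules.v4 is not touched.
demo=$(mktemp) && sample_rules > "$demo" && add_output_port "$demo" tcp 5432 && cat "$demo"
rm -f "$demo"
```

After editing the real file, sudo iptables-restore --test < /etc/iptables/rules.v4 parses the ruleset without committing it, which catches syntax errors before the rules are next loaded.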

