IPTables Outgoing Traffic with Conntrack


#!/bin/bash

Outgoing port 81
$IPTABLES -A OUTPUT -p tcp –dport 81 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p tcp –sport 81 -s $MYIP -m conntrack –ctstate ESTABLISHED -j ACCEPT

Outgoing port 80 for User Account
$IPTABLES -A OUTPUT –match owner –uid-owner useraccount -p tcp –dport 80 -m conntrack –ctstate NEW,ESTABLISHED –sport 1024:65535 -j ACCEPT
$IPTABLES -A INPUT -p tcp –sport 80 –dport 1024:65535 -d $MYIP -m conntrack –ctstate ESTABLISHED -j ACCEPT

Default outgoing log + block rules
$IPTABLES -A OUTPUT -j LOG –log-prefix “BAD OUTGOING ” –log-ip-options –log-tcp-options –log-uid
$IPTABLES -A OUTPUT -j DROP
