I've just installed Debian 9 and am trying to set up iptables so that only root is able to access the internet and nobody else. I've created the following rules for that:
# allow DNS for every user (no owner match on these two rules)
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# allow HTTP and HTTPS only for sockets created under gid 0 (group root);
# -m owner compares the effective uid/gid of the process that opened the socket
iptables -A OUTPUT -p tcp --dport 80 -m owner --gid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m owner --gid-owner root -j ACCEPT
# loopback and replies to our own connections; without these an INPUT policy
# of DROP would also discard the answers to the connections allowed above
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# set default policy to deny all other traffic
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
sudo telnet google.com 80
0% [Connecting to debian.gtisc.gatech.edu (128.61.240.89)] [Connecting to security.debian.org (150.203.164.61)] [Connecting to prod.debian.map.fastly.net (151.101.8.20
# same ports without the owner match: any user may now open HTTP/HTTPS connections
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
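As an added example, not code from the original post: a complete ruleset that keeps the goal of the post (only root gets out) while still letting apt work. The owner match in OUTPUT checks the effective uid of the process that created the socket, and on Debian 9 apt runs its download methods as the unprivileged user _apt rather than as root, so a rule matching only root (by uid or gid) never sees apt's connections and apt sits at "0% [Connecting ...]" until it times out. Opening 80/443 to everyone works around that but gives every user internet access again; the script below instead adds a rule for the _apt user. Assumptions: the user name _apt (APT_USER) is taken from Debian 9's apt packaging, the script name restrict-output.sh is hypothetical, and the IPT variable defaults to echo so the script only prints the commands unless it is run as root with IPT=iptables. It is also stricter than the post's rules in that DNS is limited to the same two users.

```shell
#!/bin/sh
# Added example (not from the original post): outbound traffic is limited to
# root and to the user apt downloads as. Dry run by default; as root, run
#   IPT=iptables sh restrict-output.sh
# to apply the rules.
IPT=${IPT:-echo}
# Assumption: Debian 9's apt fetches packages as the unprivileged user _apt.
APT_USER=${APT_USER:-_apt}

firewall_rules() {
    # start from empty chains so the script can be re-run safely
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD

    # loopback must stay open: local resolvers and many daemons rely on it
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # with an INPUT policy of DROP, replies to our own connections would be
    # dropped too unless connection tracking lets them back in
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # accepted connections keep flowing; the owner check below therefore only
    # has to match the first packet of each new connection
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # -m owner exists only for locally generated packets (OUTPUT/POSTROUTING)
    # and compares the effective uid of the process that opened the socket, so
    # a program that drops privileges (apt -> _apt) needs its own rule
    for u in root "$APT_USER"; do
        $IPT -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -m owner --uid-owner "$u" -j ACCEPT
        $IPT -A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -m owner --uid-owner "$u" -j ACCEPT
        $IPT -A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m owner --uid-owner "$u" -j ACCEPT
        $IPT -A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -m owner --uid-owner "$u" -j ACCEPT
    done

    # log (rate-limited) what is about to be dropped together with the uid of
    # the sending process, so a hang like apt's can be traced to the user it
    # ran as instead of guessed at
    $IPT -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: " --log-uid

    # everything not accepted above is dropped
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

firewall_rules
```

After applying, a blocked connection shows up in the kernel log as a line prefixed OUTPUT-DROP: with a UID= field; if the UID is not 0 or _apt's, that is the process the rules are (correctly) stopping. If a local caching resolver such as unbound runs as its own user, it needs a rule for port 53 too, since the owner match sees the resolver's uid, not the uid of the program that asked it.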