iptables rule to allow all outbound locally originating traffic?

I was wondering if someone could help me with the following iptables rule:

We would like to allow ANY and ALL locally originating (as in, on the server running iptables) traffic.

DNS, HTTP, etc... all of it. Any connection initiated by the server running iptables should be allowed.

Currently we are using basically an OUTPUT default policy of ACCEPT. Is this correct? Inputs are blocked, so I am assuming this means that the connections (except those we allow) cannot be started because they will be dropped before our side can hit the OUTPUT policy?

Sorry, my iptables skills are weak ;)

Thank you kindly.


You need two rules to do that:

iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Some notes:

  • Preexisting rules that you may have may do this already, but look different.
  • This uses -I to force these rules to be first. iptables rules are evaluated top down.
  • The -o and -i flags mean "out" and "in" respectively. Replace eth0 with the proper Ethernet interface name.
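To show how the two rules above fit into a complete stateful ruleset (the poster's concern was return traffic being dropped on INPUT before OUTPUT ever mattered), here is an added example that is not part of the original answer. It generates an iptables-restore file rather than applying rules live, so it can be inspected without root; the interface name eth0 is an assumption, and it uses -m conntrack --ctstate, the current module of which the answer's -m state --state is an older alias.

```shell
# Added example, not from the original question or answer.
# Emits a minimal stateful filter table in iptables-restore format.
# The interface name is an assumption; pass your own as the first argument.
gen_rules() {
    iface="${1:-eth0}"   # assumed interface name
    cat <<EOF
*filter
# Default policies: drop unsolicited inbound, allow all locally originated outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is needed by local services (resolvers, databases, etc.).
-A INPUT -i lo -j ACCEPT
# Replies to connections this host started arrive on INPUT; without this
# rule the reply is dropped even though OUTPUT accepted the request.
-A INPUT -i ${iface} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify are dropped explicitly.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Explicit outbound accept on the interface (redundant with the ACCEPT policy,
# but keeps the intent visible if the policy is later changed to DROP).
-A OUTPUT -o ${iface} -j ACCEPT
COMMIT
EOF
}

# Number of -A rules (not policies or comments) in the generated set; a quick self-check.
rule_count() {
    gen_rules "$1" | grep -c '^-A '
}

# Parse-only check of the generated set without touching the live tables,
# when iptables-restore is installed (its --test flag does not commit).
check_rules() {
    if command -v iptables-restore >/dev/null 2>&1; then
        gen_rules "$1" | iptables-restore --test
    else
        echo "iptables-restore not found; skipping syntax check" >&2
    fi
}

gen_rules "${IFACE:-eth0}"
```

Apply it with `gen_rules eth0 | iptables-restore` once you have reviewed the output for the interface and any inbound services you still need to permit.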