iptables rule to allow all outbound locally originating traffic?
I was wondering if someone could help me with the following iptables rule:
We would like to allow ANY and ALL locally originating (as in, on the server running iptables) traffic.
DNS, HTTP, etc... all of it. Any connection initiated by the server running iptables should be allowed.
Currently we are using basically OUTPUT default policy, ACCEPT. Is this correct? Inputs are blocked, so I am assuming this means that the connections (except those we allow) cannot be started because they will be dropped before our side can hit the OUTPUT policy?
Sorry, my iptables skills are weak ;)
Thank you kindly.
You need two rules to do that:
iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Some notes.
- Preexisting rules that you may have may do this already, but look different.
- This uses
-I
to force these rules to be first.iptables
rules are evaluated top down. - The
-o
and-i
flags mean "out" and "in" respectively. Replaceeth0
with the proper ethernet interface name.