iptables to allow only ssh and https

ssh linux https firewall iptables

I'm trying to configure the iptables on my device in order to allow only SSH and HTTPS traffic. In particular, the HTTPS protocol is used to call some REST API toward a remote server from a java client.

This is my iptables:

iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#SSH
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

#DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

#HTTPS
iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Everything works as expected, except for HTTPS traffic, which is blocked by iptables.

What i made wrong?


Do not block all the outbound rule, it will not choose port 443 as a source to get data from other server. And I think blocking inbound rules are pretty enough to ensure your server security. Rest is all Good. You can use below rules if you want.

iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -j DROP

Related

Windows 10 Kiosk Modus with Custom shell
Is windows docker images the same with windows container images?
How to do offsite AWS RDS PostgreSQL backups?
Rule for when to use AWS service vs. rolling your own?
Converting SSH command to a PuTTY command
Cannot view or map drives by host shortname
Installing rpm-package to systemd?
How does CSV cache behave under memory load?
VMWARE Guest Storage VMDK vs RDM-V vs RMD-P
UDP hole punching still required in IPv6, even without NAT?
How can i check software version with Ansible?
How does one close all _existing_ TCP connections on some ports using IPTables?