Mailinglist Archive: opensuse-security (49 mails)

Re: [opensuse-security] close outgoing ports
  • From: Boyan Tabakov <blade.alslayer@xxxxxxxxx>
  • Date: Sat, 9 Dec 2006 17:28:03 +0200
  • Message-id: <200612091728.08226.blade.alslayer@xxxxxxxxx>
On 9.12.2006 16:36, Majkl wrote:
> HI!
> I want to close on my fresh SuSE 10.2 all new outgoing connections.
> I want only to allow SMTP and SSH to machine and none of the things to go
> out (updates, new ssh connections, etc...)
> How this can be done? Yast? sysconfig/...
> Thanks.

An iptables rule should be specified manually, because the gui for SuSE
Firewall does not allow you to block outgoing traffic.

Here is how you can do this (quoting a previous post by Benjamin Weber):

"If you want to load custom iptables rules into SuSEfirewall2 uncomment the


line in /etc/sysconfig/SuSEfirewall2 and then put your iptables rules into
the appropriate hook in /etc/sysconfig/scripts/SuSEfirewall2-custom."

Now the rules you need should look like this:

iptables -t filter -I OUTPUT -j DROP
iptables -t filter -I OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -I OUTPUT -p tcp --dport 22 -d <destination host ip> -j ACCEPT

Note that these rules will cut off DNS requests, so when you try to connect to
SMTP or SSH, you'll have to specify the server by ip. To allow DNS, add the
following rules to the top:

iptables -t filter -I OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -I OUTPUT -p udp --dport 53 -j ACCEPT

Keep in mind that the order in which you add the rules is significant. (See
the -A and -I options of iptables in the manual page.)

For more information on firewall rules see the manual page of iptables.

There was a nice discussion on this list called "Detecting Brute-Force and
Dictionary attacks". There you can find some more tricks that you can do with

Blade hails you...

Ruling with the scythe of death you tear out philosophies apart
An ancient starwalk to merge into the stars
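As an added illustration of why the order of the -I commands above matters (example code, not part of the original post): a small Python model of the OUTPUT chain that replays the rules from the message, with 192.0.2.10 standing in for the destination host, and shows that the same commands issued with -A instead of -I leave every packet dropped.

```python
"""Model how iptables -I (insert at top) and -A (append) order OUTPUT rules.

Only the options used in the rules above are understood: -I/-A, -p, --dport,
-d and -j; everything else (iptables, -t filter, the chain name) is skipped.
"""
import shlex

# Rules exactly as given in the message; 192.0.2.10 is a constructed
# placeholder for "<destination host ip>".
RULES = [
    "iptables -t filter -I OUTPUT -j DROP",
    "iptables -t filter -I OUTPUT -p tcp --dport 25 -j ACCEPT",
    "iptables -t filter -I OUTPUT -p tcp --dport 22 -d 192.0.2.10 -j ACCEPT",
    "iptables -t filter -I OUTPUT -p tcp --dport 53 -j ACCEPT",
    "iptables -t filter -I OUTPUT -p udp --dport 53 -j ACCEPT",
]


def parse_rule(cmd):
    """Reduce one iptables command line to a match/target dictionary."""
    toks = shlex.split(cmd)
    rule = {"mode": "-A", "proto": None, "dport": None, "dst": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-I", "-A"):
            rule["mode"] = t          # the token after it is the chain name
        elif t == "-p":
            rule["proto"] = toks[i + 1]
        elif t == "--dport":
            rule["dport"] = int(toks[i + 1])
        elif t == "-d":
            rule["dst"] = toks[i + 1]
        elif t == "-j":
            rule["target"] = toks[i + 1]
        i += 2 if t.startswith("-") else 1
    return rule


def build_chain(commands):
    """Apply the commands in order; -I puts a rule at position 1, -A at the end."""
    chain = []
    for cmd in commands:
        rule = parse_rule(cmd)
        chain.insert(0, rule) if rule["mode"] == "-I" else chain.append(rule)
    return chain


def verdict(chain, proto, dport, dst, policy="ACCEPT"):
    """First matching rule decides; an unmatched packet gets the chain policy."""
    for r in chain:
        if r["proto"] not in (None, proto) or r["dst"] not in (None, dst):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return policy
```

Replaying RULES with build_chain() leaves DROP at the bottom, so DNS, SMTP and SSH to 192.0.2.10 are accepted while SSH to any other host or HTTP is dropped; replacing -I with -A puts DROP first and nothing gets out.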