IPTables for Outbound Connections

iptables is the userspace tool for configuring the Linux kernel's netfilter packet filter, and it is installed by default on most Linux distributions. It works much the same way as Access Control Lists if you are familiar with networking equipment like Cisco routers: rules are evaluated top to bottom and the first match wins.

This guide gives an overview of how to block new incoming connections whilst still allowing the replies to connections this host opened outbound (the ESTABLISHED and RELATED states tracked by conntrack) to get back in.

Steps

1. Check whether you already have any rules in place (you need root for every iptables command). Type $ iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. Allow all connections from localhost

$ iptables -A INPUT -i lo -j ACCEPT

3. Allow packets that belong to an already established connection, or are related to one (for example FTP data channels or ICMP errors). This is what lets the responses from external servers reach this host after it has made an outbound connection. $ iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

If the conntrack match is not available on your system (older kernels or iptables builds), use the older state match instead, which takes the same state names: $ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

4. Finally, we need to add a deny/drop-anything rule at the end. Unlike an ACL on a router, iptables has no implicit deny: the INPUT chain's default policy is ACCEPT, so anything not matched by an earlier rule is let in until you add this rule (or change the policy with iptables -P INPUT DROP).

$ iptables -A INPUT -j DROP

Two caveats before you run step 4. First, if you are connected over SSH, append an ACCEPT rule for your SSH port before the DROP rule, otherwise your own session is cut off the moment the DROP rule is in place. Second, rules added with iptables -A live only in kernel memory and are gone after a reboot; save them with iptables-save (or your distribution's persistence package) once they work.
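The whole procedure above as one script, added here as an example rather than taken from the original guide. It prints the rules in the order they must be appended (a dry run you can review), checks that the DROP rule is last, and only applies them when called with apply. The flush of INPUT at the start and the SSH allow rule (port taken from the hypothetical SSH_PORT variable, default 22) are assumptions of this example: the flush keeps the rules from being duplicated on a second run, and the SSH rule keeps a remote session alive once the DROP is in place.

```shell
#!/bin/sh
# Added example: apply the guide's INPUT ruleset in one go.
# Assumes iptables with the conntrack match; run as root to apply.

SSH_PORT="${SSH_PORT:-22}"   # hypothetical: port to keep reachable for new sessions

# Emit the rules in the order they must be appended. iptables evaluates
# INPUT top to bottom and stops at the first match, so the DROP goes last.
firewall_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Sanity check: succeed (exit 0) only if the last rule is the catch-all DROP.
rules_end_with_drop() {
    [ "$(firewall_rules | tail -n 1)" = "iptables -A INPUT -j DROP" ]
}

# Run each rule, echoing it first so the console shows what was applied.
apply_rules() {
    firewall_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || return 1
    done
}

# Show the resulting chain with packet counters and rule positions.
show_rules() {
    iptables -L INPUT -n -v --line-numbers
}

case "${1:-}" in
    apply) rules_end_with_drop && apply_rules && show_rules ;;
    *)     firewall_rules ;;   # default: dry run, print the rules only
esac
```

Run it without arguments to see the rules it would add, then with apply as root. Because the ESTABLISHED,RELATED rule sits above the DROP, replies to connections this host opened keep flowing while every new inbound connection except SSH is dropped.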