I need a rule allowing outgoing traffic from intranet addresses 192.168.X.X to foreign addresses 123.123.123.0-63 using the TCP protocol.
Sorry for my bad English.
Thanks
1 Answer
/sbin/iptables -A OUTPUT -p tcp -s 192.168.xxx.xxx -d 123.123.123.0/26 -j ACCEPT - Here, replace the xxx.xxx with the actual address.
Try this one for the first question.
Explanation:
/sbin/iptables - This is the dir of IPTables, you can also just use iptables ... and it should work just fine.
-A OUTPUT - This will Append the following rule to the OUTPUT chain.
-p tcp - This specifies the protocol of the packets being handled.
-s 192.168.xxx.xxx - This specifies the source IP Address that you want to handle outgoing packets from.
-d 123.123.123.0/26 - This specifies the destination to which the source IP packets are headed. The one you posted, 123.123.123.0-63, is a 64 subnet, so you will be using a /26 to specify that subnet.
-j ACCEPT - Simply tells the firewall to accept these packets and let them go through.
--------------------------------------------------------------------------------------
For the next questions, by default, your firewall (iptables) allows all incoming traffic unless you change that. (just FYI)
Allow port 25: iptables -A INPUT -p tcp --dport 25 -j ACCEPT
Allow port 80: iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Deny all other traffic: iptables -A INPUT -j DROP
Be sure to not just copy and paste my answers, study and practice IPTables rules.
0
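Added example (not part of the answer above): a shell check that turns a first-last destination range into the CIDR a -d match needs, and shows how a host address written with a /26 is masked down to its network. The function names and the 192.168.0.0/16 source are assumptions made for illustration.

```shell
#!/bin/sh
# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network that ADDR/PREFIX really selects (host bits cleared).
cidr_network() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    echo "$(int2ip $(( $(ip2int "$addr") & mask )))/$prefix"
}

# FIRST LAST -> CIDR, or failure if the range is not exactly one block.
range_to_cidr() {
    first=$(ip2int "$1"); last=$(ip2int "$2")
    size=$(( last - first + 1 ))
    # One CIDR block needs a power-of-two size and a start aligned to that size.
    if [ "$size" -le 0 ] || [ $(( size & (size - 1) )) -ne 0 ] || [ $(( first % size )) -ne 0 ]; then
        echo "range $1-$2 is not a single CIDR block" >&2
        return 1
    fi
    prefix=32
    while [ "$size" -gt 1 ]; do size=$(( size >> 1 )); prefix=$(( prefix - 1 )); done
    echo "$1/$prefix"
}

# Print (not run) the rule for SOURCE and a FIRST LAST destination range.
build_rule() {
    dst=$(range_to_cidr "$2" "$3") || return 1
    echo "iptables -A OUTPUT -p tcp -s $1 -d $dst -j ACCEPT"
}

# Constructed inputs: the range from the question, with an assumed /16 source.
build_rule 192.168.0.0/16 123.123.123.0 123.123.123.63
# A host address with /26 selects the block that contains it, here .64-.127.
cidr_network 123.123.123.123/26
```

For a range that is not a single CIDR block, iptables can match it directly with -m iprange --dst-range FIRST-LAST in place of -d.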