calum.org:~#

Reverse firewall

Tags:

Added: 2021-04-01T14:24:50

Reverse firewall

I wonder if it's worth on a server only allowing outbound traffic that's in response to inbound requests?
This would prevent any automated attacks from downloading root-kits, or exfiltrating data (assuming that they don't have root access - then they can just modify the firewall rules to allow what they want).

Something like this maybe?

# Assuming no pre-existing rules - don't just run this!
for PUBLIC in 22 80 443 # Your public ports
do
  iptables -A INPUT -p tcp --dport ${PUBLIC} -m conntrack --ctstate NEW -j ACCEPT
done
iptables -A INPUT -j REJECT

iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT -j DROP

posted by Calum on 2021-04-01T15:35 under

Add a comment

Your IP:
Please enter 2867836 here: