Reverse firewall

Tags: networking

Added: 2021-04-01T00:00

I wonder if it's worth, on a server, only allowing outbound traffic that's in response to inbound requests?
This would prevent any automated attacks from downloading rootkits, or exfiltrating data (assuming that they don't have root access - then they can just modify the firewall rules to allow what they want).

Something like this maybe?

# Assuming no pre-existing rules - don't just run this!
# Loopback traffic is never "in response" to anything, so allow it explicitly
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Later packets of a connection we accepted are not NEW, so they need their own rule
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
for PUBLIC in 22 80 443 # Your public ports
do
  iptables -A INPUT -p tcp --dport ${PUBLIC} -m conntrack --ctstate NEW -j ACCEPT
done
iptables -A INPUT -j REJECT

# Only let out packets that belong to a connection we already accepted
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# -P sets the chain's default policy and takes a target name, not -j
iptables -P OUTPUT DROP
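As an added example that is not part of Calum's post: a small POSIX shell script that prints the OUTPUT-chain rules with narrow exceptions for the things a server itself has to initiate (DNS, package mirror) and a rate-limited LOG rule ahead of the DROP policy, so a blocked outbound attempt leaves a trace, plus a helper that summarises those kernel log lines by destination. The resolver and mirror addresses, the log prefix and the sample log lines are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. RESOLVER and MIRROR are assumed
# placeholder addresses; replace them with the ones your server actually uses.
RESOLVER="${RESOLVER:-192.0.2.53}"
MIRROR="${MIRROR:-198.51.100.10}"
PREFIX="EGRESS-DROP: "

# Print (do not run) the OUTPUT-chain commands; review before piping to sh.
egress_rules() {
    printf 'iptables -A OUTPUT -o lo -j ACCEPT\n'
    printf 'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    # Explicit exceptions for outbound connections the box must open itself
    printf 'iptables -A OUTPUT -p udp -d %s --dport 53 -j ACCEPT\n' "$RESOLVER"
    printf 'iptables -A OUTPUT -p tcp -d %s --dport 443 -j ACCEPT\n' "$MIRROR"
    # Log what is about to be dropped, rate limited so a retry loop cannot flood syslog
    printf 'iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "%s"\n' "$PREFIX"
    printf 'iptables -P OUTPUT DROP\n'
}

# Read syslog/kernel lines on stdin; print "DST:DPT count" for dropped outbound SYNs
summarise_drops() {
    grep -F "$PREFIX" | awk '
        {
            dst = ""; dpt = ""; syn = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
                if ($i == "SYN") syn = 1
            }
            if (syn && dst != "") n[dst ":" dpt]++
        }
        END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Constructed sample lines in the layout the iptables LOG target produces
SAMPLE='Apr  1 00:00:01 srv kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40001 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 00:00:02 srv kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 00:00:03 srv kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.77 LEN=60 PROTO=TCP SPT=40003 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  1 00:00:04 srv sshd[123]: Accepted publickey for calum from 10.0.0.9'

# Usage: sh egress.sh --demo   (prints the rules, then the summary of the sample)
if [ "${1:-}" = "--demo" ]; then
    egress_rules
    printf '%s\n' "$SAMPLE" | summarise_drops
fi
```

Two repeated SYNs to the same host and port from a process that should never talk outbound is exactly the pattern a blocked download or callback leaves behind, and the summary makes it visible without reading raw kernel logs.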
Posted by Calum on 2021-04-01T00:00 under: networking,