Ubuntu: Iptables

Enable Firewall:

Load the rules each time the interface comes up (post-up hook in the interfaces file):

vi /etc/network/interfaces

auto lo eth1
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
post-up iptables-restore < /etc/iptables.up.rules

/etc/iptables.up.rules (the *filter line is required: iptables-restore refuses a file that does not name the table before its rules):

*filter
# allow all incomings from Support
-A INPUT -s 213.252.142.196 -j ACCEPT
-A INPUT -s 62.225.124.190 -j ACCEPT
-A INPUT -s 62.225.124.186 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
# Internal FTP
-A INPUT -p tcp -s 10.1.2.1 -m multiport --dports 20,21 -j ACCEPT
# Port 3305 for all
-A INPUT -p tcp --dport 3305 -j ACCEPT
# Drop all
-A INPUT -j DROP
COMMIT
 
 
Show status:

iptables -L

Activate iptables rules:

iptables-restore < /etc/iptables.up.rules

Deactivate iptables FW (flushes all rules):

iptables -F
 
Problem: a connection from this host to a specific port (3305 here) does not work even though outgoing traffic is allowed with iptables -A OUTPUT -j ACCEPT. The reply packets come back on the INPUT chain, where they hit the final "Drop all" rule.

Solution: accept the replies of the connection we opened ourselves (packets from source port 3305 that belong to an established connection):

-A INPUT -i eth1 -p tcp --sport 3305 -m state --state ESTABLISHED -j ACCEPT
 
Example: open NTP (UDP port 123) in both directions:

-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
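The notes above solve the reply-packet problem one port at a time (an ESTABLISHED rule for --sport 3305) and apply rules with a bare iptables-restore, which locks you out of SSH if a rule is wrong. The following script is an added example, not part of the original notes: it writes a complete rules file with a single conntrack rule that covers the replies of every connection the host opens (3305, NTP and anything else), checks the file structurally before loading it (catching, for instance, a missing *filter header), and loads it with a timed rollback. The support address 203.0.113.10, the FTP client 10.1.2.1, the rollback paths under /tmp and the 120 second delay are placeholder values chosen for illustration; they are not from the original notes.

```shell
#!/bin/sh
# Added example (not from the original notes): stateful /etc/iptables.up.rules
# generator with a structural check and a lockout-safe loader.
# All addresses, paths and the delay below are placeholders.

# build_rules FILE: write a complete iptables-restore file to FILE.
build_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host opened arrive on INPUT; one conntrack rule
# covers all of them, so no per-port --sport rule (e.g. for 3305) is needed.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Support host (placeholder address)
-A INPUT -s 203.0.113.10 -j ACCEPT
# Internal FTP control and data ports from the LAN client (placeholder)
-A INPUT -p tcp -s 10.1.2.1 -m multiport --dports 20,21 -j ACCEPT
# Service port open to everyone
-A INPUT -p tcp --dport 3305 -j ACCEPT
# NTP: OUTPUT policy is ACCEPT, and the replies are matched by the
# ESTABLISHED,RELATED rule above, so nothing more is needed for port 123.
COMMIT
EOF
}

# check_rules FILE: structural check without touching the kernel. Succeeds
# only if the file has a *filter header, a COMMIT after it, and nothing but
# rule (-A), policy (:), comment (#) or blank lines anywhere else.
check_rules() {
    awk '
        /^\*filter$/ { table = 1; next }
        /^COMMIT$/   { if (!table) bad = 1; committed = 1; next }
        /^$/         { next }
        /^[#:]/      { next }
        /^-A /       { next }
        { bad = 1; exit }                 # any other line is a stray line
        END { exit (table && committed && !bad) ? 0 : 1 }
    ' "$1"
}

# apply_with_rollback FILE [SECONDS]: save the live ruleset, load FILE, and
# restore the saved ruleset after SECONDS unless confirm_rules is run first.
# Needs root and a real iptables; this part is not exercised by the test.
apply_with_rollback() {
    rules=$1
    delay=${2:-120}
    check_rules "$rules" || { echo "refusing to load malformed $rules" >&2; return 1; }
    iptables-save > /tmp/iptables.rollback
    iptables-restore < "$rules"
    ( sleep "$delay"; iptables-restore < /tmp/iptables.rollback ) &
    echo $! > /tmp/iptables.rollback.pid
    echo "rules loaded; run confirm_rules within ${delay}s to keep them"
}

# confirm_rules: cancel the pending rollback once you have verified that you
# can still open a new SSH session to the host.
confirm_rules() {
    kill "$(cat /tmp/iptables.rollback.pid)" 2>/dev/null && rm -f /tmp/iptables.rollback.pid
}
```

Typical use on the box: build_rules /etc/iptables.up.rules, then apply_with_rollback /etc/iptables.up.rules 120, open a second SSH session to prove access still works, and only then confirm_rules. Putting the ESTABLISHED,RELATED rule first also keeps the rule set short: each new outbound service needs at most an OUTPUT rule, never a matching INPUT --sport rule.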