As part of a "Hardening" task, I need to run

iptables -P INPUT DROP 
iptables -P OUTPUT DROP 
iptables -P FORWARD DROP

on our servers. Normally we would run this command and then run /sbin/iptables-save to implement the new policy. However, as soon as I ran iptables -P OUTPUT DROP, my SSH disconnected. Is this due to the OS being RHEL? How do I configure this machine to allow my IP address through?

searcot jabali
1 Answer

If you really want to just allow your "IP address through", you need to allow your IP in and out before setting the default policy. So, before any other iptables commands run something like this:

iptables -I INPUT -s 192.168.241.1 -j ACCEPT

iptables -I OUTPUT -d 192.168.241.1 -j ACCEPT

(Of course substitute 192.168.241.1 for your IP address.)

In real life, though, we normally do stuff a bit more elegantly, but in your specific task/situation/question this should give your IP the free access you want.

It should be noted that default DROP policies without any amendments will disrupt many basic network functionalities. If this is a school lab or something, next steps are probably allowing basic networking functionalities with iptables again.