"iptables -P OUTPUT DROP" blocks DDWRT's web interface

1

1

When I do iptables -P OUTPUT DROP it blocks DDWRT's web interface.

That is, I am not able to access http://192.168.1.1 via Firefox.

I put these rules before changing the chain policy to drop:

iptables -I OUTPUT 1 -p tcp --dport 53 -j ACCEPT
iptables -I OUTPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 3 -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT 4 -p tcp --dport 443 -j ACCEPT

Why is iptables -P OUTPUT DROP blocking the management interface?

quickbooks

Posted 2014-01-23T22:12:55.353

Reputation: 63

1 You need to accept RELATED,ESTABLISHED outbound packets. – cybernard – 2014-01-24T04:34:56.903

Answers

0

The OUTPUT chain specifically targets packets generated on the host (i.e. the DD-WRT box). This is how the web server communicates. As mentioned by cybernard, allowing ESTABLISHED connections will allow you to initiate the connection from a browser (assuming your INPUT rules allow it).

codemonk113

Posted 2014-01-23T22:12:55.353

Reputation: 76
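
Added example (not part of the original posts or of DD-WRT): a small Python model of first-match evaluation in the OUTPUT chain, fed the asker's four rules and two constructed packets. It shows that the web interface's replies leave with source port 80 and an ephemeral destination port, so no `--dport` rule matches them and the DROP policy applies until an ESTABLISHED,RELATED rule is in the chain. The function names and the port numbers 51514 and 40000 are assumptions for illustration.

```python
import shlex

# The four rules from the question, in chain order.
ASKER_RULES = [
    "-p tcp --dport 53 -j ACCEPT",
    "-p udp --dport 53 -j ACCEPT",
    "-p tcp --dport 80 -j ACCEPT",
    "-p tcp --dport 443 -j ACCEPT",
]
# Rule suggested in the comment and the answer. "-m state --state" is the classic
# spelling; newer iptables builds also offer "-m conntrack --ctstate".
STATE_RULE = "-m state --state ESTABLISHED,RELATED -j ACCEPT"

def parse(rule):
    """Turn one rule string (option/value pairs only) into match criteria."""
    tok = shlex.split(rule)
    opts = dict(zip(tok[0::2], tok[1::2]))
    return {
        "proto": opts.get("-p"),
        "sport": int(opts["--sport"]) if "--sport" in opts else None,
        "dport": int(opts["--dport"]) if "--dport" in opts else None,
        "states": set(opts["--state"].split(",")) if "--state" in opts else None,
        "target": opts["-j"],
    }

def verdict(rules, packet, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in map(parse, rules):
        fields_ok = all(r[k] is None or r[k] == packet[k] for k in ("proto", "sport", "dport"))
        state_ok = r["states"] is None or packet["state"] in r["states"]
        if fields_ok and state_ok:
            return r["target"]
    return policy

# Constructed packets as they would appear in OUTPUT on the router.
# Reply from the web interface to the browser: source port 80, ephemeral destination.
WEB_REPLY = {"proto": "tcp", "sport": 80, "dport": 51514, "state": "ESTABLISHED"}
# DNS lookup started by the router itself: destination port 53.
DNS_QUERY = {"proto": "udp", "sport": 40000, "dport": 53, "state": "NEW"}

if __name__ == "__main__":
    print("asker's rules, web reply :", verdict(ASKER_RULES, WEB_REPLY))
    print("asker's rules, DNS query :", verdict(ASKER_RULES, DNS_QUERY))
    print("with state rule, web reply:", verdict([STATE_RULE] + ASKER_RULES, WEB_REPLY))
```

The state rule only admits traffic belonging to connections that the INPUT chain already let in, so new outbound connections from the router are still limited to the listed destination ports.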