Firewall Rule to allow all outbound traffic help

    • OMV 4.x

    • Firewall Rule to allow all outbound traffic help

      Hi all

      I am trying to set up my firewall on my OMV VM. I have set up a few inbound rules that all work fine. I can't seem to get a blanket outbound rule set up though. I am trying to set an allow-all rule on outbound.

      Please see below for my rules.



      Does this look correct?
    • mroz wrote:

      Hi all

      I am trying to set up my firewall on my OMV VM. I have set up a few inbound rules that all work fine. I can't seem to get a blanket outbound rule set up though. I am trying to set an allow-all rule on outbound.

      Please see below for my rules.



      Does this look correct?

      It should work if the OUTPUT chain is ACCEPT.
      Optionally, you can add -A OUTPUT -j ACCEPT, but you already have it.
      You can optionally add
      -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A OUTPUT -o lo -j ACCEPT

      But what exactly is the problem? Outgoing traffic is blocked? Maybe vm is....
    • Source Code

      :INPUT DROP [0:0]
      :FORWARD DROP [0:0]
      :OUTPUT DROP [0:0]
      -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -i lo -j ACCEPT
      -A INPUT -s 192.168.0.14/32 -i enx001e0630caa8 -j ACCEPT
      -A INPUT -s 192.168.0.10/32 -i enx001e0630caa8 -j ACCEPT
      -A INPUT -s 192.168.0.1/32 -i enx001e0630caa8 -j ACCEPT
      -A INPUT -s 9.9.9.9/32 -d 192.168.0.52/32 -i enx001e0630caa8 -p tcp -m tcp --dport 20 -j ACCEPT
      -A INPUT -s 9.9.9.9/32 -d 192.168.0.52/32 -i enx001e0630caa8 -p tcp -m tcp --dport 1124:1200 -j ACCEPT
      -A INPUT -d 127.0.0.0/8 -j DROP
      -A INPUT -s 127.0.0.0/8 -i lo -j DROP
      -A INPUT -p tcp -m tcp --dport 3389 -j DROP
      -A INPUT -m state --state INVALID -j DROP
      -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
      -A INPUT -f -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,PSH FIN,SYN,PSH -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,URG FIN,SYN,URG -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST FIN,SYN,RST -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
      -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
      -A INPUT -i enx001e0630caa8 -j LOG
      -A INPUT -j DROP
      -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A OUTPUT -o lo -j ACCEPT
      -A OUTPUT -d 1.1.1.1/32 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
      -A OUTPUT -d 1.1.1.1/32 -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
      -A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
      -A OUTPUT -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
      -A OUTPUT -d 192.168.0.14/32 -j ACCEPT
      -A OUTPUT -d 192.168.0.10/32 -j ACCEPT
      -A OUTPUT -d 192.168.0.1/32 -j ACCEPT
      -A OUTPUT -s 192.168.0.52/32 -p tcp -m tcp --dport 443 -m state --state NEW -m tcp -j ACCEPT
      -A OUTPUT -s 192.168.0.52/32 -p tcp -m tcp --dport 80 -m state --state NEW -m tcp -j ACCEPT
      -A OUTPUT -s 192.168.0.52/32 -p tcp -m tcp --dport 21 -m state --state NEW -m tcp -j ACCEPT
      -A OUTPUT -s 192.168.0.52/32 -p udp -m udp --dport 123 -j ACCEPT
      -A OUTPUT -s 192.168.0.52/32 -p icmp -j ACCEPT
      -A OUTPUT -d 127.0.0.0/8 -j DROP
      -A OUTPUT -j DROP

      The post was edited 2 times, last by JohnStiles ().
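
Added example, not part of the thread or of OMV's own tooling: a shell check that reads an iptables-save style dump and reports what happens to an outbound packet that matches none of the selective OUTPUT rules, which is the question behind "allow all outbound" (chain policy versus an unconditional `-A OUTPUT -j ACCEPT` or `-j DROP`, first match wins). The function names and the abridged sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the verdict for an outbound packet that falls through
# every selective OUTPUT rule. Names here are chosen for this example only.
output_verdict() {
    awk '
    $1 == ":OUTPUT" { policy = $2 }                  # iptables-save form ":OUTPUT DROP [0:0]"
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }     # iptables -S form "-P OUTPUT DROP"
    $1 == "-A" && $2 == "OUTPUT" {
        n++
        if (final != "") { dead++; next }            # placed after a catch-all: never evaluated
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
            final = $4 " by OUTPUT rule " n          # no match options, so it hits every packet
        else if ($NF == "ACCEPT")
            selective++                              # narrower allow rule ahead of the catch-all
    }
    END {
        if (policy == "") policy = "unknown"
        if (final == "") final = policy " by chain policy"
        printf "%s; %d selective ACCEPT rules before it; %d unreachable\n", final, selective, dead
    }'
}

# Constructed sample: abridged OUTPUT part of the ruleset posted in the thread.
sample_rules() {
cat <<'EOF'
:OUTPUT DROP [0:0]
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 1.1.1.1/32 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -s 192.168.0.52/32 -p tcp -m tcp --dport 443 -m state --state NEW -m tcp -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j DROP
-A OUTPUT -j DROP
EOF
}

# Same sample with "-A OUTPUT -j ACCEPT" placed ahead of the DROP rules.
sample_allow_all() {
    sample_rules | awk '$0 == "-A OUTPUT -d 127.0.0.0/8 -j DROP" { print "-A OUTPUT -j ACCEPT" } { print }'
}

sample_rules | output_verdict
sample_allow_all | output_verdict
```

On a live system the same function can be fed from `iptables-save` or `iptables -S OUTPUT`; non-terminating targets such as LOG are ignored when looking for the catch-all.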