1

This question is in a way related this and this

My question is about blocking incoming connections using iptables. I read different posts in unix.stackexchange.com and got a basic understanding of iptables. But I do not understand some particular points. Any help is appreciated.

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT                              
iptables -P INPUT DROP

I wanna use this code. It has to block all incoming connections (all ports will be closed for an outsider) except the responses for requests sent by me. This was simple I thought.

  1. will incoming ICMP ping requests be blocked by the above shown code ? If not, why?

  2. if above shown code does not block ICMP ping requests, adding iptables -I INPUT -j DROP -p icmp --icmp-type echo-request will block it?

  3. can port scans from a blocked ip can get information about my computer?

  4. should I add specific rules like -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP to block specific flood attacks or my first code handles it?

Raj A
  • 13
  • 2

2 Answers2

1
  1. Yes. All inbound traffic that isn't post of an existing session will be blocked
  3. Only if (a) you've connected to that rogue host, or (b) it knows you should be there and by your lack if response it can infer you've a firewall
  4. You're already covered by #1
roaima
  • 107,089
  • 14
  • 139
  • 261
1

@roaima's answer is good, but only so long as you don't start allowing some things.

I would recommend:

  1. I would put an explicit DROP rule in. It should be last. 
    iptables -A INPUT -j DROP
    Mind you, set the policy too.
  2. If you ever plan to allow some input (like SSH or a web server), put your #4 before any ALLOWs. Also block other bad things, like fragments.
  3. Your point 2 is correct, but only for IPv4. IPv6 has a different ping. And (classically) a different set of filters.
  4. Don't forget to filter IPv6 too.
David G.
  • 1,314
  • 1
  • 4
  • 15