From f1290d7ca46a29b57bdc80eca333ff5eaa2b8f37 Mon Sep 17 00:00:00 2001
From: Dirk Alders
Date: Sun, 24 Mar 2024 18:41:34 +0100
Subject: [PATCH] outgoing http added for nagios checks
---
 ipt-static-ruleset | 2 +-
 rules.v4 | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipt-static-ruleset b/ipt-static-ruleset
index 46cbec3..1e49378 100755
--- a/ipt-static-ruleset
+++ b/ipt-static-ruleset
@@ -16,7 +16,7 @@ sudo iptables -A OUTPUT -j ACCEPT -p udp --dport 123 -m comment --comment "accep
 # Allow some usefull outgoing traffic for all VLANS (ssh)
 sudo iptables -A OUTPUT -j ACCEPT -p tcp --dport 22 -m comment --comment "accept outgoing ssh"
-
+sudo iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "accept outgoing http"
 # Allow established and related trafic
 sudo iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED -m comment --comment "accept all incomming established and related trafic"
diff --git a/rules.v4 b/rules.v4
index 4e12f35..e531a2f 100644
--- a/rules.v4
+++ b/rules.v4
@@ -33,6 +33,7 @@
 -A OUTPUT -p tcp -m tcp --dport 53 -m comment --comment "accept outgoing dns" -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 123 -m comment --comment "accept outgoing ntp" -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 22 -m comment --comment "accept outgoing ssh" -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 80 -m comment --comment "accept outgoing http" -j ACCEPT
 -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "accept all outgoing established and related trafic" -j ACCEPT
 -A OUTPUT -o lo -m comment --comment "accept all outgoing traffic of the loopback device" -j ACCEPT
 -A OUTPUT -o eth0.30 -m comment --comment "accept all outgoing traffic of the eth0.30 device" -j ACCEPT
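Review bot: The added OUTPUT rule in ipt-static-ruleset accepts TCP port 80 to every destination, on every interface and from every local process, although the subject says it is only needed for nagios checks; the matching line added to rules.v4 has the same scope. The chain's default policy is outside the hunk, but if egress is otherwise filtered this opens unencrypted HTTP to anywhere, so consider limiting it to the monitored hosts and the monitoring account, e.g. `sudo iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -d <MONITORED_NET> -m owner --uid-owner <NAGIOS_USER> -m comment --comment "accept outgoing http for nagios checks"`, and mirror that in rules.v4. The new line also replaces the blank separator, so it sits under the heading that still says "(ssh)" and runs straight into the "# Allow established and related trafic" comment; keeping the blank line and changing the heading to "(ssh, http for nagios)" would keep the script readable.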