I'm very new to iptables and my goal is to block NEW and INVALID connections on the INCOMING chain and log any attempts for a NEW connection.
I'm also letting any and all traffic out on the OUTGOING chain.
This is what I did:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate NEW,INVALID -j LOG
sudo iptables -A INPUT -m conntrack --ctstate NEW,INVALID -j DROP
When I add the last line I can no longer get out on the web.
My current setup is an old Macbook Air bridged with a VirtualBox VM running Ubuntu 14.04 LTS. The Air will eventually serve as my firewall between my router connecting to the Internet and my internal network once I get the iptables working correctly.
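An added example, not the asker's own rules: an iptables-restore ruleset that keeps the same intent (accept ESTABLISHED/RELATED, log and drop NEW, drop INVALID on INPUT, let everything out on OUTPUT) but also accepts traffic on the loopback interface and rate-limits the LOG rule. It assumes that a missing loopback rule is what breaks local name resolution on the VM; the question itself does not say what is being dropped. The ordering check is a small sanity test run on the text before it reaches iptables.

```shell
#!/bin/sh
# Added example: iptables-restore text for the INPUT/OUTPUT policy described
# in the question, plus an ACCEPT for the loopback interface (assumed to be
# what the posted rules lack) and a rate-limited LOG of new inbound attempts.
emit_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate NEW -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT NEW: "
-A INPUT -m conntrack --ctstate NEW -j DROP
COMMIT
EOF
}

# Sanity check on the generated text: the loopback ACCEPT and the
# ESTABLISHED,RELATED ACCEPT must both come before the first DROP rule,
# otherwise local resolver traffic and reply packets are dropped first.
# Exit status 0 means the order is right.
check_order() {
    emit_ruleset | awk '
        /-j DROP/ && !seen_drop { seen_drop = NR }
        /-i lo -j ACCEPT/ { lo = NR }
        /ESTABLISHED,RELATED -j ACCEPT/ { est = NR }
        END { exit !(lo && est && seen_drop && lo < seen_drop && est < seen_drop) }'
}

# Apply as root with:  emit_ruleset | iptables-restore
# Dry run (parse only): emit_ruleset | iptables-restore --test
```

Watch the kernel log (or `iptables -L INPUT -v -n`) after applying it to confirm that the LOG rule, not the DROP rule, is what counts your own outbound replies.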