Centos – Blocking outgoing connects with iptables

Tags: centos, firewall, iptables

I have a (non-production) machine where external supporters have shell access (non-root). I want to prevent them from going further into our network from that machine, using iptables.

The "normal" firewall-gui only blocks incoming traffic. How can I set up rules like "accept all incoming traffic (plus response), but allow only new outgoing traffic for specific targets (like snmp-traps to the monitoring server)"?

OS is CentOS 5.

Best Answer

There are two ways to drop all outgoing traffic except what you explicitly define as ACCEPT. The first is to set the default policy for the OUTPUT chain to drop.

iptables -P OUTPUT DROP

The downside to this method is that when the chain is flushed (all rules removed), all outbound traffic will be dropped. The other way is to put a "blanket" DROP rule at the end of the chain.

iptables -A OUTPUT -j DROP

Without knowing exactly what you need, I cannot offer advice on what to accept. I personally use the method of putting a default DROP rule at the end of the chain. You may need to investigate how your GUI is setting rules; otherwise it may conflict with traditional CLI ways of restoring rules on boot (such as /etc/sysconfig/iptables).
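The following script is an added example, not part of the original answer, that puts the pieces together the way the question asks: incoming traffic stays accepted, replies are let out via connection tracking, NEW outbound traffic is allowed only to an explicit list of targets, and a "blanket" DROP closes the OUTPUT chain (the second method above). The monitoring host 192.0.2.10 and the SNMP-trap port UDP/162 are assumptions to adjust; the ruleset is emitted in iptables-restore format, the same format CentOS 5 keeps in /etc/sysconfig/iptables, and uses the classic `-m state` match that the 2.6.18 kernel supports.

```shell
#!/bin/sh
# Added example (not from the original post): generate, and optionally apply,
# an OUTPUT-chain policy for CentOS 5 that accepts inbound traffic, lets
# replies through, and allows NEW outbound connections only to listed targets.
# MONITOR_HOST and the trap port are assumptions; change them to match your site.

MONITOR_HOST="${MONITOR_HOST:-192.0.2.10}"   # constructed example address (TEST-NET-1)

# Print the ruleset in iptables-restore format, as used by /etc/sysconfig/iptables.
# Rule order matters: loopback and ESTABLISHED,RELATED first, explicit targets
# next, a rate-limited LOG for visibility, and the blanket DROP last.
gen_rules() {
  monitor="$1"
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d ${monitor} --dport 162 -m state --state NEW -j ACCEPT
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
-A OUTPUT -j DROP
COMMIT
EOF
}

# Return the last rule appended to the OUTPUT chain; it must be the blanket DROP,
# otherwise a later rule would never be reached.
last_output_rule() {
  gen_rules "$1" | grep '^-A OUTPUT' | tail -n 1
}

# Return the 1-based position of the first OUTPUT rule matching a pattern
# (empty if no rule matches). Used to check that ESTABLISHED,RELATED is
# evaluated before the DROP, i.e. that replies still get out.
rule_position() {
  gen_rules "$1" | grep '^-A OUTPUT' | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Load the rules atomically with iptables-restore; only when APPLY=1 and root.
# On CentOS 5, "service iptables save" then persists them to /etc/sysconfig/iptables.
apply_rules() {
  if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    gen_rules "$MONITOR_HOST" | iptables-restore
  else
    gen_rules "$MONITOR_HOST"   # dry run: show what would be loaded
  fi
}

apply_rules
```

Run it once without APPLY to review the output, then `APPLY=1 ./outbound-policy.sh` from a console session (not over a connection the rules could cut), and `service iptables save` once it behaves. The LOG rule shows blocked attempts in /var/log/messages, which doubles as a simple detection of a user probing the internal network and as a way to notice anything legitimate you forgot to allow.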
