I want to use iptables to block all incoming traffic, but on the other hand I want to whitelist all outgoing traffic. Currently, my iptables rules block all my outgoing traffic. How can I whitelist that?
iptables rules
# flush all rules in the filter table (policies are not reset by -F)
iptables -F
# default policies: drop everything not explicitly accepted
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow all outbound traffic on the uplink interface
iptables -A OUTPUT -o enp0s18 -j ACCEPT
# allow inbound TCP to the one service port
iptables -I INPUT -p tcp --dport 26666 -j ACCEPT
iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:26666

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
But it doesn't work:
curl http://google.com
curl: (6) Couldn't resolve host 'google.com'
What is wrong?
It's not blocking the outbound traffic; you're just blocking the inbound data that is the response (specifically, in this case, the DNS server's response).
Add this to the end to allow ESTABLISHED and RELATED data to come in through the INPUT chain:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Here's an explainshell.com link that will walk you through what that rule does.
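As an added example that is not part of the original question or answer, here is the complete ruleset the answer's fix leads to, written in iptables-restore format so the whole policy is loaded atomically (typing the commands one by one over SSH with the DROP policies set before the ESTABLISHED,RELATED rule can cut your own session). It includes two things the answer does not mention: loopback is accepted, because a local stub resolver such as systemd-resolved on 127.0.0.53 would otherwise still fail to resolve even with the reply rule in place, and it uses `-m conntrack --ctstate`, the current spelling of the older `-m state --state`. The interface name enp0s18 and port 26666 are taken from the question; the `broken_ruleset` function reproduces the question's rules for comparison, and everything else is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the corrected ruleset
# in iptables-restore format; nothing touches the kernel unless run as
# root with the argument "apply".

WAN_IF="${WAN_IF:-enp0s18}"          # uplink interface from the question
SERVICE_PORT="${SERVICE_PORT:-26666}" # inbound service port from the question

# The question's ruleset as posted: no path for replies to come back in.
broken_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp --dport ${SERVICE_PORT} -j ACCEPT
-A OUTPUT -o ${WAN_IF} -j ACCEPT
COMMIT
EOF
}

# The corrected ruleset. Lines starting with '#' are ignored by iptables-restore.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback: local stub resolvers (127.0.0.53) and local services need it.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to flows this host started (DNS answers, HTTP responses).
# This is the rule whose absence caused "Couldn't resolve host".
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot associate with any flow are dropped explicitly.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# The one inbound service from the question, new connections only, on the uplink.
-A INPUT -i ${WAN_IF} -p tcp --dport ${SERVICE_PORT} -m conntrack --ctstate NEW -j ACCEPT
# All outbound traffic on the uplink, as the question wants.
-A OUTPUT -o ${WAN_IF} -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 if INPUT admits reply traffic, 1 otherwise.
ruleset_allows_replies() {
    grep -q -- '-A INPUT .*ESTABLISHED,RELATED -j ACCEPT'
}

# Apply only on explicit request and as root; -t asks iptables-restore to
# parse the ruleset without loading it, so a typo fails before lockout.
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "apply requires root" >&2; exit 1; }
    build_ruleset | iptables-restore -t && build_ruleset | iptables-restore
fi
```

Run it without arguments to print nothing and inspect the rules with `build_ruleset`, or with `apply` as root to load them; the INVALID drop and the `NEW`-only service rule are tightening beyond what the question asked for and can be removed if they do not fit the host.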