
UFW/Iptables: Allow response to http(s) requests but block everything else

I’d like to block everything outgoing from my server while still allowing responses to incoming http/https requests.

Some examples:

User calls my server using his browser (https://myserver.example.org/test.html)
Firewall should allow a response and server should deliver test.html to user.

Application on my server tries to connect to https://badguy.example.org/test.html
Firewall should deny this outgoing request because badguy.example.org didn’t request anything from my server.

I don’t want that to be based on IPs or IP ranges. Just if the server is contacted from an IP, it is allowed to respond. If it hasn’t been contacted by this IP before, it is not allowed to send anything there.

Is this possible using ufw or iptables? How do I do that?
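What the question describes is exactly what connection tracking (conntrack) gives you: a response is allowed because it belongs to a flow the kernel already saw arrive, not because of any address list. The script below is an added example, not something from the original poster; it generates an iptables ruleset in iptables-restore format in which OUTPUT defaults to DROP and the only outgoing packets accepted are those conntrack classifies as ESTABLISHED or RELATED. It assumes IPv4 only, a web server listening on TCP 80 and 443, and that the ruleset is loaded with iptables-restore (the same rules would need an ip6tables copy for IPv6).

```shell
#!/bin/sh
# Added example (not from the original question): block all outgoing traffic
# except replies to inbound HTTP/HTTPS connections, using conntrack state
# rather than IP addresses. Assumed: IPv4, web server on TCP 80/443.

# Emit the ruleset in iptables-restore format.
build_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback stays local; allow it both ways
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# inbound: packets of known flows, plus NEW connections to the web ports only
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# outbound: only packets of a flow conntrack already knows, i.e. responses to
# the inbound requests above. A NEW outbound connection (the app calling
# badguy.example.org) never matches this rule and falls to the DROP policy.
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# log dropped outbound attempts (rate limited) so a blocked call-home is visible
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

# Sanity check: the number of OUTPUT rules that accept NEW flows must be 0,
# otherwise the host could originate connections.
count_new_outbound_accepts() {
    build_rules | grep -c -- '^-A OUTPUT .*--ctstate.*NEW.*ACCEPT' || true
}

# Load the ruleset (root required). With --dry-run it is only printed.
apply_rules() {
    if [ "${1:-}" = "--dry-run" ]; then
        build_rules
    else
        build_rules | iptables-restore
    fi
}

# usage: sh fw.sh --dry-run   (print)   /   sudo sh fw.sh   (apply)
apply_rules "${1:---dry-run}"
```

The ufw equivalent is `ufw default deny incoming`, `ufw default deny outgoing`, `ufw allow in 80/tcp` and `ufw allow in 443/tcp`: ufw's built-in before.rules already accept ESTABLISHED,RELATED traffic in the output direction, so responses to accepted inbound connections keep flowing while new outbound connections are dropped. Two caveats: the host itself can then no longer resolve DNS, sync NTP or fetch package updates unless you add explicit outbound allows for those, and for UDP "established" is only a recent-packet heuristic, so the guarantee is strongest for TCP.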
