From e0e3d2b43affc75161167a6d5548be0d3b5b2dc7 Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Wed, 10 May 2017 15:50:13 +0200
Subject: [PATCH] [update] iptables allows apt-get and dns

---
 clone/utility/iptables | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/clone/utility/iptables b/clone/utility/iptables
index d19c647..91a07b8 100644
--- a/clone/utility/iptables
+++ b/clone/utility/iptables
@@ -6,18 +6,23 @@ iptables -P INPUT DROP;
 
 # maintenance
 iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT;
-iptables -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT;
 
 # SMMP-server
-iptables -A INPUT -p tcp -m tcp --sport 22 -j ACCEPT;
 iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT;
 
 # SMMP
-iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT;
 iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT;
 
+# apt-get
+iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
+iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT;
+
 # dns
-iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
-iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
-iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
-iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
\ No newline at end of file
+iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT;
+iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT;
+
+# accept as INPUT all already ESTABLISHED connections
+iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
+
+# accept to OUTPUT all already ESTABLISHED connections
+iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
\ No newline at end of file
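Review bot: The rule `iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;` is appended twice on the new side, once under `# apt-get` and again under `# accept to OUTPUT all already ESTABLISHED connections`; the second copy can never match because the first already accepted the packet, so drop the trailing one (and its comment) or move the first out from under the apt-get heading so the file does not suggest it is apt-specific. The hunk only shows `iptables -P INPUT DROP;` as context, not the OUTPUT policy, so if OUTPUT is still the default ACCEPT elsewhere in the script every OUTPUT rule here is a no-op and the `--dport 80` egress rule grants nothing that was not already open — worth confirming. Note also that the new `# apt-get` rule permits NEW outbound TCP/80 to any destination; if the package mirror is a fixed host, restricting it with `-d <mirror>` keeps a compromised service from using plain HTTP for exfiltration or payload download. Finally, since the stateful INPUT accept is now the only thing admitting DNS and HTTP replies, placing `iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;` near the top of the INPUT chain rather than last is the conventional ordering and makes the intent obvious to the next reader.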