<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>I cannot figure out why yum is being blocked. I understood it required only ports 80 and 443. The below is from my script:<br><br><div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Flush all current rules?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -F<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Accept connections to the loopback interface (localhost)?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A INPUT -i lo -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Accept connections from the loopback interface (localhost)?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A OUTPUT -o lo -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Allow outgoing connections?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A OUTPUT -o ppp0 -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Drop all pings?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A INPUT -p icmp --icmp-type echo-request -j DROP<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Accept requested inbound traffic?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Accept new and established ssh from specified IP?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A INPUT -p tcp -s 107.132.57.128 --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Allow established ssh to specified IP?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A OUTPUT -p tcp -d 107.132.57.128 --sport 22 -m state --state ESTABLISHED -j ACCEPT<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Drop all other ssh attempts?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -A INPUT -p tcp --dport ssh -j DROP<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b><span class="colour" style="color: #ff0000">read -p "Allow http traffic?"</span><span class="colour" style="color: #ff0000"><br></span></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b><span class="colour" style="color: #ff0000">iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</span><span class="colour" style="color: #ff0000"><br></span></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b><span class="colour" style="color: #ff0000">read -p "Allow https traffic?"</span><span class="colour" style="color: #ff0000"><br></span></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b><span class="colour" style="color: #ff0000">iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</span><br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Set policy: Drop forwarding connections?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -P FORWARD DROP<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Set policy: Drop other incoming connections?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -P INPUT DROP<br></b></span></div>
<div> </div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>read -p "Set policy: Drop outgoing connections?"<br></b></span></div>
<div><span class="font" style="font-family: menlo, consolas, "courier new", monospace, sans-serif;"><b>iptables -P OUTPUT DROP</b></span><br></div>
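<div>Added example, not part of the original post: a small first-match simulator that replays the packets of a yum repository fetch (DNS lookup, then HTTP) against the rules above, once with ppp0 as the uplink and once with a hypothetical eth0. The addresses, the ephemeral ports and the eth0 name are constructed assumptions; only TCP and UDP packets are modelled, and "ssh" is written as 22.</div>

```shell
#!/bin/sh
# Rules from the post, in order. The three DROP policies are the fall-through.
RULES='
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o ppp0 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 107.132.57.128 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -d 107.132.57.128 --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
'

verdict() {  # verdict CHAIN IFACE PROTO SRC DST SPORT DPORT STATE
  chain=$1 iface=$2 proto=$3 src=$4 dst=$5 sport=$6 dport=$7 state=$8
  while read -r line; do
    set -- $line
    [ "$2" = "$chain" ] || continue          # rule belongs to another chain
    shift 2; ok=1; target=
    while [ $# -gt 0 ]; do
      case $1 in
        -i|-o)   [ "$2" = "$iface" ] || ok=0; shift 2 ;;
        -p)      [ "$2" = "$proto" ] || ok=0; shift 2 ;;
        -s)      [ "$2" = "$src" ]   || ok=0; shift 2 ;;
        -d)      [ "$2" = "$dst" ]   || ok=0; shift 2 ;;
        --sport) [ "$2" = "$sport" ] || ok=0; shift 2 ;;
        --dport) [ "$2" = "$dport" ] || ok=0; shift 2 ;;
        --state) case ",$2," in *",$state,"*) ;; *) ok=0 ;; esac; shift 2 ;;
        -m|--icmp-type) shift 2 ;;           # no effect on TCP/UDP test packets
        -j)      target=$2; shift 2 ;;
        *)       shift ;;
      esac
    done
    if [ "$ok" = 1 ]; then echo "$target"; return; fi   # first match wins
  done <<EOF
$RULES
EOF
  echo DROP                                  # chain policy
}

yum_fetch() {  # yum_fetch UPLINK_IFACE: verdict for each packet of the fetch
  me=192.0.2.10 dns=198.51.100.53 mirror=198.51.100.7   # constructed addresses
  echo "dns-query  $(verdict OUTPUT "$1" udp $me $dns 40000 53 NEW)"
  echo "dns-reply  $(verdict INPUT  "$1" udp $dns $me 53 40000 ESTABLISHED)"
  echo "http-syn   $(verdict OUTPUT "$1" tcp $me $mirror 40001 80 NEW)"
  echo "http-reply $(verdict INPUT  "$1" tcp $mirror $me 80 40001 ESTABLISHED)"
}
yum_fetch ppp0
yum_fetch eth0
```

<div>Replies from a mirror carry source port 80 or 443 and an ephemeral destination port, so the two INPUT --dport rules never match them; in this model the fetch passes only through the ppp0-specific OUTPUT and ESTABLISHED,RELATED rules.</div>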
</body>
</html>