Iptables - facing problems to allow specific ports and block others
I tried to block all ports except 22 (ssh), 80 (http), 443 (https). My current INPUT rules are these.

> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
DROP all -- anywhere anywhere

It should accept the http and https ports and then block everything else, but it's blocking everything. For example, when I try to visit Facebook, which uses ports 80 & 443, it doesn't work. I can't visit Facebook. What should I do now?

I also tried like this: allowed the mentioned ports and made the policy DROP, though I'm not sure. The same happens.

> iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Tags: iptables, kali-linux, firewall
asked Feb 9 at 0:44 by Rabin
edited Aug 21 at 1:01 by Rui F Ribeiro
You are using Kali Linux?
– Nasir Riley, Feb 9 at 1:54

Yes. @NasirRiley I know there's no need to mention it.
– Rabin, Feb 9 at 2:12

Kali Linux is not for beginners. It is meant for penetration testing and it's designed with the idea that the user will have a good base knowledge of Linux at the very least. Even if you are using it for that, I would recommend that you use a distro such as Ubuntu first to get more familiar with it before using Kali Linux.
– Nasir Riley, Feb 9 at 2:27

Secondly, you don't need ports 80 and 443 open to access other websites. The iptables rules that you have are for allowing access to your machine if you are running a webserver and hosting websites.
– Nasir Riley, Feb 9 at 2:28

In your case, you want to test your network connectivity. Try pinging other addresses in your local network. Also, can you post the output of the following commands:
ifconfig
cat /etc/network/interfaces
cat /etc/resolv.conf
service network-manager status
– Nasir Riley, Feb 9 at 2:28
2 Answers

Accepted answer:
The policy rules that you've created will allow outside hosts to connect to your TCP ports 22, 80 and 443, but not allow any other traffic, including your own! If you really want to prevent this host from accessing anything other than these three ports, and don't want outside hosts to access yours at all, you can put the rules on your OUTPUT rule chain instead of your INPUT one and then have a CONNTRACK rule on your input chain to prevent connections that you didn't initiate:

-P INPUT DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m udp -p udp --sport 53 -j ACCEPT
# OUTPUT matches on the outgoing interface, so the loopback rule needs -o, not -i
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m tcp -p tcp --dport 22 -j ACCEPT
-A OUTPUT -m tcp -p tcp --dport 53 -j ACCEPT
-A OUTPUT -m udp -p udp --dport 53 -j ACCEPT
-A OUTPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A OUTPUT -m tcp -p tcp --dport 443 -j ACCEPT

I usually allow the loopback adapter to work normally as some internal programs may need it; as well, I would allow DNS traffic, or else you won't be able to resolve domain names.
answered Feb 9 at 6:41 by ErikF
It resolved just by adding RELATED and ESTABLISHED, but I didn't get the point why I should add these output rules. Could you please explain a little more?
– Rabin, Feb 9 at 8:45

Well-known port numbers apply to the server, not the client, so if you want to allow access to only certain ports on other hosts, you need to check on data being sent, not received. In this case, you indicated that you only wanted programs to be able to access HTTP(S) and SSH ports (and DNS), so those are what I put in the OUTPUT section; everything else will be dropped.
– ErikF, Feb 9 at 20:05
As others pointed out in the comments, you do not need INPUT rules like those to access websites. You would only need these rules if you were running services on these ports locally. If you did want to restrict outbound traffic instead, these rules would need to go in the OUTPUT chain.

Additionally, you are losing all connectivity because you are DROPping all inbound traffic. When you make a connection to a webserver, the returning data (specifically, the TCP 3-way handshake) will be DROPped in the INPUT chain because of your catch-all drop. To fix this, you need to add a rule to allow these return connections:

iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
answered Feb 9 at 15:15 by multithr3at3d
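The failure mode both answers describe, modelled in Python as an added example (not code from the question or either answer): a first-match INPUT chain with connection tracking, run against the asker's rules, the same rules with the conntrack line inserted at the top, and ErikF's INPUT chain. Packet and rule fields are reduced to what these rules match on, the OUTPUT chain is treated as fully open, and the addresses are constructed RFC 5737 documentation values.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

# Only the fields the page's rules match on; proto is "tcp" or "udp".
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass(frozen=True)
class Rule:
    """One INPUT rule; None means 'any'. ctstate mirrors -m conntrack --ctstate."""
    target: str                      # "ACCEPT" or "DROP"
    proto: Optional[str] = None      # -p tcp / -p udp
    dport: Optional[int] = None      # --dport
    sport: Optional[int] = None      # --sport
    ctstate: FrozenSet[str] = frozenset()

class Host:
    """Stateful filter for one host. OUTPUT is wide open, as in the question,
    so every packet sent creates a conntrack entry; INPUT is walked top to
    bottom and the first matching rule decides, otherwise the chain policy does."""

    def __init__(self, ip: str, input_rules: List[Rule], policy: str):
        self.ip, self.input_rules, self.policy = ip, input_rules, policy
        self.conntrack: Set[Tuple] = set()

    def send(self, pkt: Packet) -> None:
        self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def ctstate(self, pkt: Packet) -> str:
        # A packet is ESTABLISHED when it mirrors a connection this host opened.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if reverse in self.conntrack else "NEW"

    def filter_input(self, pkt: Packet) -> str:
        state = self.ctstate(pkt)
        for r in self.input_rules:
            if r.proto is not None and r.proto != pkt.proto:
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
            if r.sport is not None and r.sport != pkt.sport:
                continue
            if r.ctstate and state not in r.ctstate:
                continue
            return r.target          # first match wins, exactly like iptables
        return self.policy

ESTABLISHED = Rule("ACCEPT", ctstate=frozenset({"RELATED", "ESTABLISHED"}))
# The asker's first ruleset: ACCEPT on three server ports, then a catch-all DROP.
OP_RULES = [Rule("ACCEPT", "tcp", dport=22), Rule("ACCEPT", "tcp", dport=443),
            Rule("ACCEPT", "tcp", dport=80), Rule("DROP")]
# multithr3at3d's fix: `iptables -I INPUT ...` inserts the conntrack rule at the top.
FIXED_RULES = [ESTABLISHED] + OP_RULES
# ErikF's INPUT chain under policy DROP: replies to our own traffic and DNS answers.
ERIKF_INPUT = [ESTABLISHED, Rule("ACCEPT", "udp", sport=53)]
# Constructed RFC 5737 documentation addresses, not real hosts.
ME, WEB, STRANGER = "192.0.2.10", "198.51.100.7", "203.0.113.5"

def web_reply_verdict(rules: List[Rule], policy: str = "ACCEPT") -> str:
    """We open TCP 443 on WEB from ephemeral port 51000; what happens to the SYN-ACK?"""
    host = Host(ME, rules, policy)
    host.send(Packet("tcp", ME, 51000, WEB, 443))
    return host.filter_input(Packet("tcp", WEB, 443, ME, 51000))

def unsolicited_verdict(rules: List[Rule], policy: str, dport: int) -> str:
    """A connection attempt nobody here asked for, aimed at one of our local ports."""
    return Host(ME, rules, policy).filter_input(Packet("tcp", STRANGER, 40000, ME, dport))

if __name__ == "__main__":
    print("reply to our HTTPS request, OP rules:    ", web_reply_verdict(OP_RULES))     # DROP
    print("reply to our HTTPS request, + conntrack: ", web_reply_verdict(FIXED_RULES))  # ACCEPT
    print("stranger to local 443, OP rules:         ", unsolicited_verdict(OP_RULES, "ACCEPT", 443))   # ACCEPT
    print("stranger to local 443, ErikF rules:      ", unsolicited_verdict(ERIKF_INPUT, "DROP", 443))  # DROP
```

The reply to our own request arrives with destination port 51000, so none of the dpt:22/80/443 ACCEPTs match it and the catch-all DROP (or a DROP policy) eats it; the ESTABLISHED rule is what recognises it as the other half of a connection we opened.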