I have tried to implement iptables rules using two different bash scripts and both times after I cannot update or upgrade…it just freezes using apt-get update && apt-get upgrade and tried using apt -y update.

The rules are as follows:

!/bin/bash

iptables -F
iptables -X

ip6tables -P INPUT DROP

ip6tables -P FORWARD DROP

ip6tables -P OUTPUT DROP

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT

iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m conntrack –ctstate ESTABLISHED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -i eth0 -j ACCEPT

iptables -A OUTPUT -i eth0 -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

iptables -A INPUT -m conntrack –ctstate INVALID -j DROP

iptables -A INPUT -p tcp –dport 22 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT

I have also tried these rules:

!/bin/bash

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp –dport 22 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -o eth0 -p udp -m udp –dport 53 -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -m tcp –dport 80 -m state –state NEW -j ACCEPT

ip6tables -P INPUT DROP

ip6tables -P FORWARD DROP

ip6tables -P OUTPUT DROP

Any suggestions welcome please. Just trying to secure it as much as possible