Creating a proxy test environment for ADB/CDK

Creating-a-proxy-test-environment-for-ADB-and-CDK

#Run as root or add sudo at the beginning of each command

iptables -F

# Allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

#Allow traffic to proxy server
iptables -A OUTPUT -p tcp -d 10.70.49.109 --dport 3128 -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.70.49.109 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.70.49.109 --dport 8080 -j ACCEPT	

#Allow ssh
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -d xip.io --dport 80 -j ACCEPT

# Allow web console
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 8443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Drop everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables-save

iptables-save > iptables-rules
Then when you want to restore
iptables-restore < iptables-rules

Fund following rules to explicitly allow ping

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT to allow traffic from libvirt virbr0 . Refer https://wiki.centos.org/HowTos/Network/IPTables