Having trouble with the iptables settings for Jupyter Notebook. With the following rules (assume notebook port 8888), the Jupyter Notebook server launches successfully, but the actual notebook kernel fails to start/establish.
Commenting out the last iptables rule "-A OUTPUT -j DROP" makes everything work fine.
Any thoughts?
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 8888 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED --sport 8888 -j ACCEPT
-A OUTPUT -p tcp -m state --state ESTABLISHED --sport 8888 -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED --dport 8888 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -j DROP
Tools like Jupyter often use the loopback device (localhost) to access certain features. For example, Jupyter has a frontend that communicates over HTTP with the notebook server, which in turn sends messages via sockets to the IPython kernel (see: https://jupyter.readthedocs.io/en/latest/architecture/how_jupyter_ipython_work.html).
I would add the following rules:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
These rules allow input and output to and from the loopback device (localhost).
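Because iptables evaluates rules in order and "-A" appends to the end of a chain, the loopback rules only help if they sit above the catch-all DROP rules. The following is an added example, not code from the question or the answer: it emits a complete iptables-restore ruleset with the loopback ACCEPTs placed first (port 8888 taken from the question; the function names and the check are assumptions of this example).

```shell
#!/bin/sh
# Added example (not from the original post): build the question's ruleset in
# iptables-restore format, with loopback ACCEPT rules ahead of the DROP rules.
# Port 8888 is assumed, as in the question. Load with:
#   jupyter_ruleset | sudo iptables-restore

NOTEBOOK_PORT=8888

# Print the ordered ruleset on stdout.
jupyter_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: the notebook server and its kernels talk over 127.0.0.1
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The question's own port-${NOTEBOOK_PORT} rules, unchanged
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport ${NOTEBOOK_PORT} -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED --sport ${NOTEBOOK_PORT} -j ACCEPT
-A OUTPUT -p tcp -m state --state ESTABLISHED --sport ${NOTEBOOK_PORT} -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED --dport ${NOTEBOOK_PORT} -j ACCEPT
# Catch-all DROP rules stay last, exactly as in the question
-A INPUT -j DROP
-A OUTPUT -j DROP
COMMIT
EOF
}

# Return 0 if, in both chains, the loopback ACCEPT precedes the first
# unconditional DROP; return 1 otherwise (the "-A after DROP" mistake).
check_loopback_before_drop() {
    ruleset="$1"
    for chain in INPUT OUTPUT; do
        flag=$( [ "$chain" = INPUT ] && echo "-i lo" || echo "-o lo" )
        lo_line=$(printf '%s\n' "$ruleset" | grep -n -- "^-A $chain $flag -j ACCEPT" | head -n1 | cut -d: -f1)
        drop_line=$(printf '%s\n' "$ruleset" | grep -n -- "^-A $chain -j DROP" | head -n1 | cut -d: -f1)
        [ -n "$lo_line" ] && [ -n "$drop_line" ] && [ "$lo_line" -lt "$drop_line" ] || return 1
    done
    return 0
}
```

Running `check_loopback_before_drop "$(sudo iptables-save)"` on a live host tells you whether the loopback rules actually sit above the DROPs.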