matt2kjones
07-30-2002, 02:13 PM
OK, I have been looking at iptables and have been studying it.
Am I right in thinking that the iptable below will only let incoming packets on port 80, unless my server talks to the receiving computer first?
iptables -A INPUT -i eth0 -p tcp --syn --destination-port ! 80 -j DROP
If I am totally wrong, please tell me, as I really wanna learn, thanx :)
matt2kjones
08-01-2002, 01:53 PM
OK, I take it that it is wrong, because no-one has said anything about it, and it's had 39 views.
I'll go find some more tutorials.
microsol
08-01-2002, 07:54 PM
First close all the ports. Then open port 80 AND all other ports you need. Be careful not to lock yourself out.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
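
Added example (not part of any post in this thread): a simplified Python model of INPUT-chain evaluation, comparing the single rule from the first post with the INPUT half of the default-drop rules above on a few constructed packets. The rule dictionaries, packet fields and names such as `verdicts` are assumptions made for illustration; only the `-p`, `--syn`, port and `-m state` matches are modelled.

```python
# Simplified INPUT-chain model: first matching rule wins, else the chain policy.

def matches(rule, pkt):
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    # --syn: SYN set with ACK/RST/FIN clear, i.e. a connection-opening segment
    if rule.get("syn") and pkt.get("flags") != {"SYN"}:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    if "not_dport" in rule and rule["not_dport"] == pkt["dport"]:
        return False
    if "sport" in rule and rule["sport"] != pkt["sport"]:
        return False
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    return True

def verdict(rules, policy, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# The single rule from the first post; the INPUT policy is still ACCEPT.
SINGLE_RULE = ([{"proto": "tcp", "syn": True, "not_dport": 80, "target": "DROP"}], "ACCEPT")
# The INPUT half of the default-drop reply (port 80 only).
DEFAULT_DROP = ([
    {"proto": "tcp", "sport": 80, "states": {"ESTABLISHED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "states": {"NEW", "ESTABLISHED"}, "target": "ACCEPT"},
], "DROP")

# Constructed sample packets (ports and conntrack states are illustrative).
PACKETS = {
    "syn to 80":      dict(proto="tcp", sport=51000, dport=80, flags={"SYN"}, state="NEW"),
    "syn to 22":      dict(proto="tcp", sport=51001, dport=22, flags={"SYN"}, state="NEW"),
    "bare ack to 22": dict(proto="tcp", sport=51002, dport=22, flags={"ACK"}, state="INVALID"),
    "udp to 53":      dict(proto="udp", sport=53000, dport=53, state="NEW"),
    "reply from :80": dict(proto="tcp", sport=80, dport=40001, flags={"SYN", "ACK"}, state="ESTABLISHED"),
    "reply from :25": dict(proto="tcp", sport=25, dport=40000, flags={"SYN", "ACK"}, state="ESTABLISHED"),
}

def verdicts(ruleset):
    rules, policy = ruleset
    return {name: verdict(rules, policy, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rs in (("single rule", SINGLE_RULE), ("default drop", DEFAULT_DROP)):
        print(label, verdicts(rs))
```

With the single rule and an ACCEPT policy, only connection-opening TCP segments to ports other than 80 are dropped; UDP and non-SYN TCP still pass. The default-drop policy closes those paths and admits only port 80 traffic in the listed states.
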
matt2kjones
08-02-2002, 03:16 PM
ok cheers
looking at what you have given me, I think this (tell me if I'm wrong)
this closes all ports :
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
and then this opens port 80 :
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
so if I'm right does this open port 21 as well :
iptables -A INPUT -i eth0 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
Thanx for the help :)
Matt