06-01-2004, 12:12 PM #1 Junior Guru Wannabe
iptables - close all ports except specified ports
Hi...
How do I create iptables rules to block all traffic except to these destination ports?
[CPANEL]
tcp *:2082
tcp *:2083
tcp *:2086
tcp *:2087
[MAIL]
tcp *:pop3
tcp *:imap
tcp *:smtp
[WWW]
tcp *:http
tcp *:https
[OTHER]
tcp *:tcpmux
tcp *:ftp
tcp *:ssh
thanks for help
ps. sorry 4 my eng..
-
06-01-2004, 02:40 PM #2 Web Hosting Master
iptables rules like those should do the work
# DROP is the valid policy target in iptables (DENY was the ipchains name)
iptables -P INPUT DROP
iptables -A INPUT -p tcp --destination-port 2082 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2083 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2086 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2087 -j ACCEPT
iptables -A INPUT -p tcp --destination-port pop3 -j ACCEPT
iptables -A INPUT -p tcp --destination-port imap -j ACCEPT
iptables -A INPUT -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -p tcp --destination-port http -j ACCEPT
iptables -A INPUT -p tcp --destination-port https -j ACCEPT
iptables -A INPUT -p tcp --destination-port tcpmux -j ACCEPT
iptables -A INPUT -p tcp --destination-port ftp -j ACCEPT
iptables -A INPUT -p tcp --destination-port ssh -j ACCEPT
-
06-02-2004, 07:42 AM #3 Junior Guru Wannabe
It may be a little easier to read if you put the "iptables -P INPUT" line on the bottom, as the list is a drop-through conditional.
Originally posted by sehe
iptables rules like those should do the work
first one denies all input, others allow specific destination ports