  1. #1

    iptables - close all ports except specified ports

    Hi...

    How do I create iptables rules to block all traffic except to these destination ports?

    [CPANEL]
    tcp *:2082
    tcp *:2083
    tcp *:2086
    tcp *:2087

    [MAIL]
    tcp *:pop3
    tcp *:imap
    tcp *:smtp

    [WWW]
    tcp *:http
    tcp *:https

    [OTHER]
    tcp *:tcpmux
    tcp *:ftp
    tcp *:ssh

    Thanks for the help.

    P.S. Sorry for my English.

  2. #2
    iptables rules like those should do the work
    iptables -P INPUT DROP
    iptables -A INPUT -p tcp --destination-port 2082 -j ACCEPT
    iptables -A INPUT -p tcp --destination-port 2083 -j ACCEPT
    iptables -A INPUT -p tcp --destination-port 2086 -j ACCEPT
    iptables -A INPUT -p tcp --destination-port 2087 -j ACCEPT
    iptables -A INPUT -p tcp --destination-port pop3 -j ACCEPT
    iptables -A INPUT -p tcp --destination-port imap -j ACCEPT
    iptables -A INPUT -p tcp --destination-port smtp -j ACCEPT
    iptables -A INPUT -p tcp --destination-port http -j ACCEPT
    iptables -A INPUT -p tcp --destination-port https -j ACCEPT
    iptables -A INPUT -p tcp --destination-port tcpmux -j ACCEPT
    iptables -A INPUT -p tcp --destination-port ftp -j ACCEPT
    iptables -A INPUT -p tcp --destination-port ssh -j ACCEPT
    The first one denies all input; the others allow specific destination ports.

  3. #3
    It may be a little easier to read if you put the "iptables -P INPUT" line at the bottom, as the list is a drop-through conditional.

    Originally posted by sehe
    iptables rules like those should do the work

    The first one denies all input; the others allow specific destination ports.
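
Added example, not part of any post in this thread: the port list from the first post written as an iptables-restore ruleset, which loads the DROP policy and the ACCEPT rules in a single commit instead of one command at a time. The loopback and ESTABLISHED,RELATED accepts, the numeric ports, the FORWARD/OUTPUT policies and the function names are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# drops all inbound traffic except the TCP ports listed in the first post.
# Assumed: numeric ports for the service names the posts use
# (pop3=110 imap=143 smtp=25 http=80 https=443 tcpmux=1 ftp=21 ssh=22).
ALLOWED_TCP_PORTS="2082 2083 2086 2087 110 143 25 80 443 1 21 22"

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# gen_ruleset "<space-separated ports>": writes the ruleset to stdout.
# Validates every port first, so a bad list produces no partial ruleset.
gen_ruleset() {
    for port in $1; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # same effect as: iptables -P INPUT DROP
    echo ':FORWARD ACCEPT [0:0]'   # assumed: left at the default policy
    echo ':OUTPUT ACCEPT [0:0]'    # assumed: left at the default policy
    # Assumed additions: local traffic and replies to outbound connections.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in $1; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the ruleset only when asked; nothing here touches the live firewall.
if [ "${1:-}" = "--print" ]; then
    gen_ruleset "$ALLOWED_TCP_PORTS"
fi
```

Saved under a hypothetical name such as ruleset.sh, the output can be checked with `sh ruleset.sh --print | iptables-restore --test` before it is loaded as root with `iptables-restore`.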
