Allow only some port centos

hi, can anyone direct me to the right place?
I want to block all ports on my CentOS 6.4 64bit and only allow some ports such as 22, 80, 53.

but, how can I do this effectively??
I tried googling but can't find the right place. maybe my keyword is the reason..

centos 6.4
64 bit
openvz

Comments

  • blackblack Member
    edited September 2013
    # Add the ACCEPT rules first and switch the default policy to DROP last,
    # so a partially applied script cannot lock you out of SSH.
    iptables -A INPUT -i lo -p all -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT   # DNS is mostly UDP
    iptables -P INPUT DROP
    

    Careful with this though, it'll take some work to undo it if it's wrong.
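    An added example (not posted in this thread) of the same default-deny approach, written so it is harder to lock yourself out: it generates the iptables commands in the safe order (ACCEPT rules first, DROP policy last), refuses to run unless the SSH port is on the allow list, and arms a timed rollback before applying. The function names, the tcp:PORT/udp:PORT spec format, the SSH_PORT variable and the /tmp paths are this example's own choices, not anything from CentOS or the thread.

```shell
#!/bin/sh
# Added example: build a default-deny INPUT ruleset for an allow list of
# ports, in lock-out-safe order. Port specs look like tcp:22 or udp:53.
# Function names, spec format and /tmp paths are assumptions of this example.

gen_rules() {
    # Emit the iptables commands: ACCEPT rules first, DROP policy last, so a
    # script that dies half-way never leaves the box unreachable.
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec' (use tcp:PORT or udp:PORT)" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

check_lockout() {
    # Succeed only if the SSH port (tcp:22 unless SSH_PORT is set) is allowed.
    for spec in "$@"; do
        [ "$spec" = "tcp:${SSH_PORT:-22}" ] && return 0
    done
    return 1
}

apply_rules() {
    # Apply as root with a timed rollback: if your session drops, INPUT goes
    # back to ACCEPT after 5 minutes unless you kill the rollback job.
    check_lockout "$@" || {
        echo "refusing: tcp:${SSH_PORT:-22} is not in the allow list" >&2
        return 1
    }
    gen_rules "$@" > /tmp/allowlist.rules || return 1
    sh -c 'sleep 300; iptables -P INPUT ACCEPT' &
    echo $! > /tmp/allowlist.rollback.pid
    sh /tmp/allowlist.rules
    echo "applied; once a fresh SSH login still works, run:"
    echo "  kill \$(cat /tmp/allowlist.rollback.pid) && service iptables save"
}

# Preview the commands for the OP's ports (DNS needs UDP as well as TCP):
gen_rules tcp:22 tcp:80 tcp:53 udp:53
```

    Run it once without root to review the generated commands, then call apply_rules with the same specs as root; on CentOS 6 the rules are lost at reboot until you run service iptables save, which is why the final echo reminds you to do that only after the rollback job is cancelled.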

  • Here is a great breakdown on how to use iptables.

    http://www.cyberciti.biz/tips/linux-iptables-examples.html

  • I've used APF firewall since CentOS 4.6. I find it easier to install, allow/block ports, IPs, etc.

    This guide works. :)
    http://www.howtoforge.com/how-to-install-and-configure-advanced-policy-firewall-apf-on-centos-5.3

    Edit the main configuration file
    nano -w /etc/apf/conf.apf

    DEVEL_MODE="1" - be sure to set this option to 1 until you're satisfied with the settings.

    Default inbound TCP ports to open

    IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,6666"

    For your scenario, you will have
    IG_TCP_CPORTS="22,80,53"

  • I use CSF and LFD as I found iptables to not be so good. There's a good tutorial you can adapt to your needs here: http://forum.mratwork.com/viewtopic.php?f=15&t=19200

  • @sc754 said:
    I use CSF and LFD as I found iptables to not be so good. There's a good tutorial you can adapt to your needs here: http://forum.mratwork.com/viewtopic.php?f=15&t=19200

    You do realize that CSF/LFD is just a gui for iptables, right?

  • @sc754 said:
    I use CSF and LFD as I found iptables to not be so good.

    CSF/LFD is a frontend to iptables ;)

  • Ok well, it works so I'm happy :P

  • tried csf a long time ago.. but I ended up blocking myself because it detected I'm ddosing the server.. it has too many settings that I don't need

  • CNJeremyCNJeremy Member
    edited September 2013

    @psycholyzern said:
    tried csf a long time ago.. but I ended up blocking myself because it detected I'm ddosing the server.. it has too many settings that I don't need

    Add your IP to the /etc/csf/csf.allow file and it will no longer block you no matter what you do.

  • but it will block any ip that it thinks is ddosing it..
    I've got plenty of users on the server

  • If the person DDoSing your server knows which ports are opened, they can still take it down.

    They can DDoS it anyway, eating up your CPU and incoming bandwidth.

  • @black said:
    If the person DDoSing your server knows which ports are opened, they can still take it down.

    They can DDoS it anyway, eating up your CPU and incoming bandwidth.

    I wasn't focusing on ddos attacks.. so, I don't need a ddos firewall.. I just need to close all ports and allow only some of them..
    I tried csf, but somehow, csf blocked me because it thinks I am ddosing the server.. just because I accessed the phpmyadmin page

  • I don't think that word means what you think it means.
