Comments
First you want to set your default policy to drop all incoming packets:
iptables -P INPUT DROP
iptables -P FORWARD DROP
You can do the same with outgoing packets if you want, but I usually leave them unfiltered.
iptables -P OUTPUT ACCEPT
If you want to block all outgoing packets...:
iptables -P OUTPUT DROP
Then you open the ports you want to allow, per protocol:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 43 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
How do I forward traffic to some ports like 443, 80, etc.?
Actually, what I want is like this:
block all input traffic except on (80,22,443)
block all forward traffic except on (80,22,443)
block all output traffic except on (80,22,443)
Set all your policies to DROP, then for port 22:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
Do the same for other ports.
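The allowlist described above (all policies DROP, TCP 22, 80 and 443 open), as an added example that is not part of the original posts: it emits the rules in iptables-restore format and adds loopback and connection-tracking rules, which the thread does not mention, so that replies to allowed connections are not dropped. `build_ruleset` is a hypothetical helper name, not an iptables command.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that drops everything
# except new TCP connections to the listed ports (22, 80, 443 in the thread).
# build_ruleset is a hypothetical helper name, not part of iptables.

build_ruleset() {
    ports="$1"
    # Reject anything that is not a port number 1-65535 before emitting rules.
    for p in $ports; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    echo '*filter'
    # Default policies: the same DROP-everything stance as in the thread.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Local services talking over loopback would otherwise break.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    for chain in INPUT FORWARD OUTPUT; do
        # Replies carry the allowed port as their *source* port, so a --dport
        # rule never matches them; connection tracking lets them through.
        echo "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        for p in $ports; do
            echo "-A $chain -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo 'COMMIT'
}

# Print the ruleset only; nothing is applied to the running firewall here.
build_ruleset "22 80 443"
```

Piping the output to `iptables-restore --test` parses it without committing; piping it to `iptables-restore` then loads the whole set in one step, so an SSH session is not cut off halfway through. With OUTPUT at DROP the host also cannot resolve DNS names unless port 53 gets its own rule.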
An alternative to doing it directly is using CSF, which allows you to specify which port you want to open in its config file. Furthermore, it also helps block brute-force attacks on your server.