Need some help to allow some port only in ubuntu by using iptable

Hello guys

I need some guidance from the experts on how to block all ports except certain ports like 22, 43, 80. Can anyone guide me? Thank you.

Comments

  • grillmaster Member
    edited November 2013

    First you want to set your default policy to drop all incoming packets:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    You can do the same with outgoing packets if you want, but I usually leave them unfiltered.
    iptables -P OUTPUT ACCEPT

    If you want to block all outgoing packets...:
    iptables -P OUTPUT DROP

    Then you open the ports you want to allow, per protocol:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 43 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  • @grillmaster said:
    First you want to set your default policy to drop all incoming packets:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    You can do the same with outgoing packets if you want, but I usually leave them unfiltered.
    iptables -P OUTPUT ACCEPT

    If you want to block all outgoing packets...:
    iptables -P OUTPUT DROP

    Then you open the ports you want to allow, per protocol:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 43 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    How do I forward traffic to some ports like 443, 80, etc.?

    Actually, what I want is like this:

    block all input traffic except on (80,22,443)
    block all forward traffic except on (80,22,443)
    block all output traffic except on (80,22,443)

  • Set all your policies to DROP, then for port 22:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

    Do the same for other ports.

  • An alternative to doing it directly is using CSF, which allows you to specify which ports you want to open in its config file. Furthermore, it also helps block brute force attacks on your server.
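
An added example, not part of the original thread or any poster's code: a shell function that emits the allow-list discussed above in `iptables-restore` format, so the DROP policies and the ACCEPT rules load in one atomic step instead of being typed one at a time over an SSH session. The function names, the `OUTPUT_POLICY` variable and the `rules.v4` filename are assumptions of this example, and the loopback and connection-tracking rules are additions that the thread does not mention.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): emit an iptables-restore ruleset that
# allows only the given inbound TCP ports. OUTPUT_POLICY=DROP (an assumed
# variable name) also restricts outbound traffic.
# Usage as root, parse-check first, then load atomically (replaces the filter table):
#   build_ruleset 22 43 80 > rules.v4
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4

valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

build_ruleset() {
    out_policy="${OUTPUT_POLICY:-ACCEPT}"
    case "$out_policy" in
        ACCEPT|DROP) ;;
        *) echo "OUTPUT_POLICY must be ACCEPT or DROP" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    # Validate everything first so a bad argument never yields a partial ruleset.
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ":OUTPUT $out_policy [0:0]"
    # Loopback and packets of already-tracked connections come before port rules.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$out_policy" = DROP ]; then
        # Reply packets leave with the service port as *source* port, so they are
        # matched by connection state here rather than by --dport.
        echo '-A OUTPUT -o lo -j ACCEPT'
        echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    fi
    echo 'COMMIT'
}
```

With `OUTPUT_POLICY=DROP` the host can answer connections on the listed ports but cannot start new outbound ones (DNS lookups, package updates) until rules for those are added. `iptables` covers IPv4 only; IPv6 needs a separate `ip6tables` ruleset.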
