
Allow only some port centos

hi, can anyone direct me to the right place?
I want to block all ports on my CentOS 6.4 64-bit and only allow some ports, such as 22, 80, 53.

But how can I do this effectively??
I tried googling but can't find the right place. Maybe my keywords are the reason..

CentOS 6.4
64-bit
OpenVZ

Comments

  • blackblack Member
    edited September 2013
    # Allow rules first: setting the DROP policy before them cuts off the
    # SSH session these commands are typed over
    iptables -A INPUT -i lo -p all -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT   # DNS is mostly UDP
    # Default policy last: anything not matched above is dropped
    iptables -P INPUT DROP
    service iptables save   # CentOS 6: persists the rules to /etc/sysconfig/iptables

    Careful with this though, it'll take some work to undo it if it's wrong.
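The same default-deny allow-list, as an added example that is not from any poster in this thread: instead of typing rules one at a time, it generates a ruleset in iptables-save format so that `iptables-restore` (which is what `service iptables restart` runs on CentOS 6 against /etc/sysconfig/iptables) loads policy and allow rules in one atomic commit. The port-spec format (`22`, `53/udp`, `53/both`) and the function name are invented for this example.

```sh
#!/bin/sh
# Added example: build an iptables-restore ruleset that drops everything
# inbound except loopback, replies to the box's own connections, and an
# allow-list of ports. iptables-restore applies the whole file in one
# commit, so the SSH session used to apply it is never cut off between
# "policy DROP" and "allow 22" the way typing the rules one by one can be.
# Port spec (a format invented for this example): comma-separated, no
# spaces; "22" means tcp, "53/udp" means udp, "53/both" means tcp and udp.
gen_allowlist_rules() {
    spec=$1
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -m state --state INVALID -j DROP'
    old_ifs=$IFS
    IFS=','
    for item in $spec; do
        port=${item%%/*}
        proto=${item#*/}
        [ "$proto" = "$item" ] && proto=tcp        # no "/proto" given: tcp
        case $port in
            ''|*[!0-9]*) IFS=$old_ifs; echo "bad port: $item" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            IFS=$old_ifs; echo "port out of range: $item" >&2; return 1
        fi
        case $proto in
            tcp|udp) printf '%s\n' "-A INPUT -p $proto --dport $port -j ACCEPT" ;;
            both)    printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT" \
                                   "-A INPUT -p udp --dport $port -j ACCEPT" ;;
            *) IFS=$old_ifs; echo "bad protocol: $item" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' 'COMMIT'
}

# Usage on CentOS 6 (as root; keep a console/VNC session open the first
# time in case a rule is wrong):
#   gen_allowlist_rules "22,80,53/both" > /etc/sysconfig/iptables
#   service iptables restart      # loads the file with iptables-restore
```

Check the generated file with `iptables-restore --test` (or just read it) before restarting the service on a box you can only reach over SSH.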

  • Here is a great breakdown on how to use iptables.

    http://www.cyberciti.biz/tips/linux-iptables-examples.html

  • I've used APF firewall since CentOS 4.6. I find it easier to install and to allow/block ports, IPs, etc.

    This guide works. :)
    http://www.howtoforge.com/how-to-install-and-configure-advanced-policy-firewall-apf-on-centos-5.3

    Edit the main configuration file
    nano -w /etc/apf/conf.apf

    DEVEL_MODE="1" - be sure to set this option to 1 until you're satisfied with the settings.

    Default inbound TCP ports to open

    IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,6666"

    For your scenario, you will have
    IG_TCP_CPORTS="22,80,53"

  • I use CSF and LFD as I found iptables to not be so good. There's a good tutorial you can adapt to your needs here: http://forum.mratwork.com/viewtopic.php?f=15&t=19200

  • @sc754 said:
    I use CSF and LFD as I found iptables to not be so good. There's a good tutorial you can adapt to your needs here: http://forum.mratwork.com/viewtopic.php?f=15&t=19200

    You do realize that CSF/LFD is just a gui for iptables, right?

  • @sc754 said:
    I use CSF and LFD as I found iptables to not be so good.

    CSF/LFD is a frontend to iptables ;)

  • Ok well, it works so I'm happy :P

  • tried csf a long time ago.. but I ended up blocking myself because it detected I'm DDoSing the server.. it has too many settings that I don't need

  • CNJeremyCNJeremy Member
    edited September 2013

    @psycholyzern said:
    tried csf a long time ago.. but I ended up blocking myself because it detected I'm DDoSing the server.. it has too many settings that I don't need

    Add your IP to the /etc/csf/csf.allow file and it will no longer block you no matter what you do.

  • but it will block any IP that it thinks is DDoSing it..
    I got plenty of users on the server

  • If the person DDoSing your server knows which ports are opened, they can still take it down.

    They can DDoS it anyway, eating up your CPU and incoming bandwidth.

  • @black said:
    If the person DDoSing your server knows which ports are opened, they can still take it down.

    They can DDoS it anyway, eating up your CPU and incoming bandwidth.

    I didn't focus on DDoS attacks.. so, I don't need a DDoS firewall.. I just need to close all ports and allow only some of them..
    I tried csf, but somehow, csf blocked me because it thinks I am DDoSing the server.. just because I accessed the phpMyAdmin page

  • I don't think that word means what you think it means.
