On Tuesday 18 February 2003 03:12 am, jacob_chan wrote:
> How to block all ports except port 21,22,80,8080 ???
>
> Dear all,
>
> I want to block all ports except port 21,22,80,8080.
>
> Any help appreciated.
>
> Best regards,
>
> Jacob

If you mean on input, try:

  iptables -P INPUT DROP
  iptables -P OUTPUT DROP
  iptables -P FORWARD DROP
  iptables -A INPUT -p tcp -m multiport --dport 21,22,80,8080 -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

These will allow nothing in, nothing out, nothing forwarded, except the four specified TCP ports, replies, and associated traffic.

You'd also need "insmod ip_conntrack_ftp" for both passive and active FTP to work, so that all data communications would be RELATED to the control port 21. (And "insmod ip_conntrack" if you don't have it already, for the state match to work.)

j
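The same policy as the reply above, recast as an added example in POSIX sh (this is not code from the original mail): one function validates the comma-separated port list, and another emits the ruleset in iptables-restore format so that it can be loaded atomically. The example assumes the newer "-m conntrack --ctstate" match in place of "-m state --state", adds a loopback ACCEPT that the reply does not include, and the names valid_ports and build_ruleset are this example's own.

```sh
#!/bin/sh
# Added example: default-DROP firewall allowing a fixed set of inbound TCP
# ports plus ESTABLISHED/RELATED traffic, written as an iptables-restore file.
# The loopback rules and the conntrack match are assumptions of this example.

# valid_ports LIST -> 0 if LIST is a non-empty comma-separated list of
# integers in 1..65535, 1 otherwise. Rejects anything that is not a port
# so that the list never reaches iptables-restore unchecked.
valid_ports() {
    _list=$1
    [ -n "$_list" ] || return 1
    _old_ifs=$IFS
    IFS=,
    for _p in $_list; do
        case $_p in
            ''|*[!0-9]*) IFS=$_old_ifs; return 1 ;;
        esac
        if [ "$_p" -lt 1 ] || [ "$_p" -gt 65535 ]; then
            IFS=$_old_ifs
            return 1
        fi
    done
    IFS=$_old_ifs
    return 0
}

# build_ruleset LIST -> prints the filter table for iptables-restore on
# stdout; fails (exit 1) without printing anything if LIST is invalid.
build_ruleset() {
    _ports=$1
    valid_ports "$_ports" || {
        echo "build_ruleset: bad port list '$_ports'" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# local services talk to themselves over lo; the reply above omits this
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies, plus helper-tracked traffic such as FTP data when the
# FTP conntrack helper module is loaded
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new inbound connections only to the listed TCP ports
-A INPUT -p tcp -m multiport --dports $_ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage (as root):
#   build_ruleset 21,22,80,8080 > /tmp/rules.v4 && iptables-restore < /tmp/rules.v4
```

iptables-restore replaces the whole filter table in one step, so the rules take effect together; applying the policy as separate iptables commands means that between "-P INPUT DROP" and the ESTABLISHED,RELATED rule an existing SSH session has no rule admitting its packets. Keep in mind that with OUTPUT defaulting to DROP the host itself cannot open new outbound connections (DNS lookups, package updates); if those are needed, add an OUTPUT rule for "--ctstate NEW" to the destinations you want, rather than loosening the policy as a whole.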