It would be MUCH better to

iptables -P INPUT DROP   # default drop

then allow only these ports

iptables -A INPUT -p tcp -m multiport --dport 21,22,80,8080 -j ACCEPT

Safe thinking: default: drop, allow only what is needed.

Ralf Spenneberg wrote:

> On Tue, 2003-02-18 at 09.57, Ralf Spenneberg wrote:
> > On Tue, 2003-02-18 at 09.12, jacob_chan wrote:
> > > How to block all ports except port 21,22,80,8080 ???
> > >
> > > Dear all,
> > >
> > > I want to block all ports except port 21,22,80,8080.
> > Block for what? Input? What protocol? TCP?
> > iptables -A INPUT -p tcp ! --dport 21,22,80,8080 -j DROP
> Missed the multiport part:
>
> iptables -A INPUT -p tcp -m multiport ! --dport 21,22,80,8080 -j DROP
>
> > Cheers,
> >
> > Ralf
> > >
> > > Any help appreciated.
> > >
> > > Best regards,
> > >
> > > Jacob
> > --
> > Ralf Spenneberg
> > RHCE, RHCX
> >
> > IPsec/PPTP Kernels for Red Hat Linux:
> > http://www.spenneberg.com/.net/.org/.de
> > Honeynet Project Mirror: http://honeynet.spenneberg.org
> > Snort Mirror: http://snort.spenneberg.org