Kashif Ali Bukhari wrote:
> I want to block all inbound access to my Linux box and want to allow
> DNS, HTTP proxy, SSH, telnet, and FTP.
> How can I do this?
>

First, please see http://www.catb.org/~esr/faqs/smart-questions.html

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -P INPUT DROP

or, if you compile your kernel/iptables with multiport support:

iptables -A INPUT -m multiport -p tcp --dports 21-23,53,3128 -j ACCEPT
iptables -P INPUT DROP

A classic RTFM/STFW case, nonetheless...
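
Added example, not part of the original message: the rules above accept TCP only and, once the INPUT policy is DROP, also discard loopback traffic and the replies to connections the box itself opens, so this sketch generates a full ruleset in iptables-restore format that adds those rules plus UDP/53 for DNS. The function name `build_input_ruleset` and its `proto/port` argument form are assumptions of the example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset with a default-deny INPUT chain.
# Ports are the ones from the thread (ftp, ssh, telnet, dns, proxy on 3128).
# build_input_ruleset and its proto/port arguments are hypothetical names.

build_input_ruleset() {
    # Validate every argument first so a bad entry never yields a partial ruleset.
    for svc in "$@"; do
        proto=${svc%/*}
        port=${svc#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $svc" >&2
            return 1
        }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default-deny, same effect as -P INPUT DROP
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local services talking to each other over 127.0.0.1 also traverse INPUT.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (DNS lookups, proxy fetches).
    # RELATED covers FTP data channels only if the FTP conntrack helper is loaded.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for svc in "$@"; do
        echo "-A INPUT -p ${svc%/*} --dport ${svc#*/} -j ACCEPT"
    done
    echo 'COMMIT'
}

# DNS queries normally arrive over UDP; TCP/53 is kept for large answers.
build_input_ruleset tcp/21 tcp/22 tcp/23 tcp/53 udp/53 tcp/3128
```

Pipe the output to `iptables-restore --test` to check the syntax before loading it; loading it replaces the current contents of the filter table.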