Re: blocking all traffic except selected ports

Kashif Ali Bukhari wrote:
> I want to block all inbound access to my Linux box and want to allow
> DNS, HTTP proxy, SSH, telnet, and FTP.
> How can I do this?
> 


First, please see
http://www.catb.org/~esr/faqs/smart-questions.html

iptables -A INPUT -p tcp --dport  21 -j ACCEPT
iptables -A INPUT -p tcp --dport  22 -j ACCEPT
iptables -A INPUT -p tcp --dport  23 -j ACCEPT
iptables -A INPUT -p tcp --dport  53 -j ACCEPT
iptables -A INPUT -p tcp --dport  3128 -j ACCEPT
iptables -P INPUT DROP


or if you compile your kernel/iptables with multiport support

iptables -A INPUT -m multiport -p tcp --dports 21-23,53,3128 -j ACCEPT
iptables -P INPUT DROP

A classic RTFM/STFW case, nonetheless...
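
An added example, not part of the original reply: the same allow-list written as an iptables-restore ruleset that also accepts loopback traffic, replies to connections the box itself opens, and DNS over UDP, which the rules above do not cover. The function name build_ruleset, the two port variables and the FORWARD policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). build_ruleset only prints an
# iptables-restore ruleset; nothing changes until it is piped to iptables-restore.

TCP_PORTS="21 22 23 53 3128"   # ftp, ssh, telnet, dns, http proxy (ports from the thread)
UDP_PORTS="53"                 # DNS queries normally arrive over UDP

build_ruleset() {
    cat <<'EOF'
*filter
# Default-deny inbound. FORWARD DROP assumes this host is not a router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services talking to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (proxy fetches, resolver lookups).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that conntrack cannot place in any known flow.
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    for p in $TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Usage (as root):
#   build_ruleset | iptables-restore --test   # parse only, commit nothing
#   build_ruleset | iptables-restore          # replace the filter table atomically
```

Loading through iptables-restore swaps the whole filter table in one step, so an SSH session is never caught between a DROP policy and a missing ACCEPT rule. RELATED covers FTP data connections only if the FTP connection-tracking helper (nf_conntrack_ftp) is set up for port 21.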


