On Sat, Apr 23, 2005 at 05:23:07AM -0400, Ed wrote:
> Kashif Ali Bukhari wrote:
> > I want to block all inbound access to my Linux box and want to allow
> > DNS, HTTP proxy, SSH, telnet, and FTP.
> > How can I do this?
>
> First, please see
> http://www.catb.org/~esr/faqs/smart-questions.html

I love that link.

> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 23 -j ACCEPT
> iptables -A INPUT -p tcp --dport 53 -j ACCEPT

and:

iptables -A INPUT -p udp --dport 53 -j ACCEPT

> iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
> iptables -P INPUT DROP
>
> or if you compile your kernel/iptables with multiport support
>
> iptables -A INPUT -m multiport -p tcp --dports 21-23,53,3128 -j ACCEPT

multiport doesn't support ranges, mport does (and it uses a ':' not a '-'):

iptables -A INPUT -p tcp -m mport --dports 21:23,53,3128 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

> iptables -P INPUT DROP
>
> A classic RTFM/STFW case, nonetheless...

Yes. Couldn't resist the nit-pick, though. ;-)

-j

-- 
"Joe Swanson: You can't just come over here and annex my pool!
Peter: Oh yeah? Well, according to paragraph 7, sentence 3, word 8 of the Geneva Convention... 'the'. So, tough luck, Swanson."
--Family Guy
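The ruleset discussed in the thread, assembled into a script, as an added example that is not part of any message above. It adds two rules the posted lists omit and that a practitioner will want before setting the INPUT policy to DROP: an ESTABLISHED,RELATED rule, without which the box's own outbound connections (the proxy fetching pages from upstream servers, the resolver querying other nameservers) never get their replies back, and a loopback rule, without which local services talking to each other over 127.0.0.1 break. Ports are opened one per rule, so it does not depend on the multiport or mport extensions. The IPT variable and build_rules function are this example's own; IPT defaults to `echo iptables` so the script prints the rules for review instead of applying them, and `IPT=iptables sh script.sh` (as root) applies them.

```shell
#!/bin/sh
# Inbound-only firewall for the services named in the thread:
# FTP (21), SSH (22), telnet (23), DNS (53 tcp+udp), HTTP proxy (3128).
# Everything else arriving on INPUT is dropped by the chain policy.
#
# IPT defaults to a dry run that prints the commands; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# Constructed port lists; adjust to the services actually running.
TCP_PORTS="21 22 23 53 3128"
UDP_PORTS="53"

build_rules() {
    # Start from an empty INPUT chain so re-running does not stack duplicates.
    $IPT -F INPUT

    # Local processes talking to each other over the loopback interface.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this box opened (proxy upstream fetches, DNS
    # lookups by the resolver) and related traffic such as ICMP errors.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections only on the listed TCP service ports.
    for p in $TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done

    # UDP has no connection setup; accept datagrams to the listed ports.
    for p in $UDP_PORTS; do
        $IPT -A INPUT -p udp --dport "$p" -j ACCEPT
    done

    # Set the default policy last, after the ACCEPT rules are in place, so an
    # administrator applying this over SSH is never locked out mid-script.
    $IPT -P INPUT DROP
}

build_rules
```

Rule order matters twice here: the ESTABLISHED,RELATED rule sits near the top so the bulk of legitimate traffic is matched early and cheaply, and the policy change comes last so there is no window in which the chain drops packets before the ACCEPT rules exist.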