block 8080, but redirect from 80 to 8080

I would like to block all traffic to port 8080 except that which was redirected in the nat table from port 80 to 8080. I have a default policy of DROP on incoming. The following is what my iptables file currently has, and this works, EXCEPT that 8080 is left open to anyone...

*nat table.....
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

*filter table.....
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT


But anyone can go to http://<machine>:8080, which I want to disallow. How can I fix that?
thanks,
dean
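
An added example, not part of dean's post or of the netfilter archive, showing one way to get the behaviour asked for above. The reason the posted rules leave 8080 open is that REDIRECT runs in nat PREROUTING, before filter INPUT, so a redirected packet reaches INPUT already carrying destination port 8080; the filter rule for `--dport 80` never sees outside traffic, and the `--dport 8080` rule matches redirected and direct connections alike. The conntrack match can look at the connection's original (pre-NAT) destination port, so only connections that arrived on port 80 are accepted on 8080 and direct connections to :8080 fall through to the DROP policy. The script below emits an iptables-save style ruleset in the same format as the poster's file. The `:INPUT DROP` policy, the `-A INPUT -j RH-Firewall-1-INPUT` jump and the `-i lo` rule are assumed from the standard Red Hat template (the post only shows the relevant rules); the `-m conntrack --ctorigdstport` match is the assumed fix and needs a kernel and iptables new enough to support it.

```shell
#!/bin/sh
# Added example (not from the original post): a ruleset that accepts
# port 8080 only for connections the nat REDIRECT from port 80 created.
# Usage: sh rules.sh > /etc/sysconfig/iptables   (then restart iptables)
#   or:  sh rules.sh apply                        (feeds iptables-restore)

ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rule from the post: external port 80 is redirected to the listener on 8080.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
# Assumed: default DROP on incoming, as the post states; jump into the
# RH-Firewall-1-INPUT chain as in the standard Red Hat template.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# REDIRECT happens in PREROUTING, so the packet arrives here with a
# destination port of 8080 and a plain dport match cannot tell redirected
# from direct traffic. The conntrack match compares the ORIGINAL
# destination port of the connection, i.e. the port the client actually
# connected to, so only connections that came in on port 80 are accepted.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW --ctorigdstport 80 -j ACCEPT
# No separate ACCEPT for direct :8080 connections: they hit the DROP policy.
COMMIT
EOF
}

if [ "${1:-}" = "apply" ]; then
    # Assumes root and a kernel with nf_conntrack/xt_conntrack loaded.
    ruleset | iptables-restore
else
    ruleset
fi
```

If the kernel in use is too old for `--ctorigdstport`, the coarser `-m conntrack --ctstate DNAT` match on the same rule also works: it accepts any connection that went through a DNAT or REDIRECT target, which here is only the port 80 traffic. Either way, test from another host with `nc <machine> 8080` (should time out) and `nc <machine> 80` (should connect).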

