blocking all traffic except selected ports
Ed
netfilter at crazeecanuck.homelinux.net
Sat Apr 23 11:23:07 CEST 2005
Kashif Ali Bukhari wrote:
> I want to block all inbound access to my Linux box and want to allow
> DNS, HTTP proxy, SSH, Telnet, and FTP.
> How can I do this?
>
First, please see
http://www.catb.org/~esr/faqs/smart-questions.html
iptables -A INPUT -i lo -j ACCEPT                                 # loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  # replies to connections the box itself opened; without this a DROP policy breaks them
iptables -A INPUT -p tcp --dport 21 -j ACCEPT    # ftp (passive data channels are RELATED only with ip_conntrack_ftp loaded)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # ssh
iptables -A INPUT -p tcp --dport 23 -j ACCEPT    # telnet
iptables -A INPUT -p tcp --dport 53 -j ACCEPT    # dns over tcp
iptables -A INPUT -p udp --dport 53 -j ACCEPT    # dns is mostly udp
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT  # http proxy
iptables -P INPUT DROP                           # everything else inbound is dropped
or, if you compiled your kernel/iptables with multiport support:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 21:23,53,3128 -j ACCEPT  # -p tcp must come before -m multiport; a range is written with a colon
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -P INPUT DROP
A classic RTFM/STFW case, nonetheless...
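The same policy assembled into a reviewable, atomically loadable ruleset, as an added example that is not Ed's code or anything posted in the thread. It emits iptables-restore format (the whole table is loaded in one step, so a typo cannot half-apply and lock you out), adds the loopback and ESTABLISHED,RELATED rules a DROP policy needs so the box's own outbound connections keep working, admits DNS over UDP as well as TCP, and logs what the policy drops. The port list (21, 22, 23, 53, 3128) is taken from the rules above; the script name, the function names and the `--apply` switch are assumptions, and the `-m state` syntax is the one in use at the time of the thread (current iptables still accepts it).

```shell
#!/bin/sh
# Added example (not from the original thread): emit an iptables-restore
# ruleset that drops all inbound traffic except loopback, replies to
# connections this host started, and the listed services.
# Review it:   sh inbound-only.sh
# Load it:     sh inbound-only.sh --apply      (as root)

# Assumed service ports, matching the rules in the thread: ftp ssh telnet dns http-proxy
TCP_PORTS="21 22 23 53 3128"

emit() { printf '%s\n' "$1"; }

# Print the ruleset for the given space-separated TCP ports (default: TCP_PORTS).
build_ruleset() {
    _ports=${1:-$TCP_PORTS}
    emit '*filter'
    emit ':INPUT DROP [0:0]'      # default policy first, so nothing slips in if a later line fails
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    # Loopback: local daemons (the proxy querying a local resolver, for instance) need it.
    emit '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this box initiated (the proxy's upstream fetches, the
    # resolver's queries) plus conntrack-helper RELATED flows. Without this rule a DROP
    # policy kills every connection the host itself opens. FTP data channels count as
    # RELATED only if the ip_conntrack_ftp (today nf_conntrack_ftp) module is loaded.
    emit '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m state --state INVALID -j DROP'
    for _p in $_ports; do
        emit "-A INPUT -p tcp --dport $_p -m state --state NEW -j ACCEPT"
    done
    # DNS is mostly UDP; TCP 53 alone only carries zone transfers and oversized answers.
    emit '-A INPUT -p udp --dport 53 -j ACCEPT'
    # Rate-limited log of whatever the policy is about to drop, so a scan cannot flood syslog.
    emit '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "'
    emit 'COMMIT'
}

# Reject anything that is not a port number in 1..65535 before it reaches iptables-restore.
validate_ports() {
    for _p in $1; do
        case $_p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || return 1
    done
    return 0
}

# Number of rules that admit NEW inbound TCP connections; use it to confirm the
# ruleset opens exactly the ports you asked for and nothing more.
count_tcp_accepts() {
    build_ruleset "$1" | grep -c -e '-p tcp --dport .* -j ACCEPT'
}

case ${1:-} in
    --apply)
        validate_ports "$TCP_PORTS" || { echo "bad port list: $TCP_PORTS" >&2; exit 1; }
        build_ruleset | iptables-restore ;;
    *)  build_ruleset ;;
esac
```

When loading this over SSH, save the running table with iptables-save first and schedule a restore of it (for example with at, or a backgrounded sleep followed by iptables-restore) that you cancel once you have confirmed you can still log in; a DROP policy with a mistake in the port list is the quickest way to lose the box.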