blocking all traffic except selected ports

Ed netfilter at crazeecanuck.homelinux.net
Sat Apr 23 22:58:33 CEST 2005


Jason Opperisano wrote:
> On Sat, Apr 23, 2005 at 05:23:07AM -0400, Ed wrote:
> 
>>Kashif Ali Bukhari wrote:
>>
>>>i want to block all inbound access to my linux box and want to allow
>>>dns, http proxy,ssh,telnet,and ftp 
>>>how can i do this 
>>
>>First, please see
>>http://www.catb.org/~esr/faqs/smart-questions.html
> 
> 
> i love that link.
> 

Me too :)

> 
> 
> and:
>   iptables -A INPUT -p udp --dport 53 -j ACCEPT
> 

Ooops, shouldn't respond when really tired. =P

>  
> multiport doesn't support ranges, mport does (and it uses a ':' not a
> '-'):

Again, tiredness :S (glad you caught that).

>>A classic RTFM/STFW case, nonetheless...
> 
> 
> yes.  couldn't resist the nit-pick, though.  ;-)

...and for that I am grateful.  TY (really!) for the corrections. =)  I
shouldn't post when really tired (instead of drinking, that'll be my
excuse).


/me goes back to primarily lurking...



