Solved

Close all other ports with iptables

Posted on 2008-10-20
1
1,803 Views
Last Modified: 2013-11-15
I would like to close all of the ports that i do not provide rules for.  what do i need to do to acheive this?

My Rules are below, any help is greatly appreciated.

iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5632 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.1
0
Comment
Question by:CNTPL89
1 Comment
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 22767809
taken from http://www.linux-noob.com/forums/index.php?showtopic=1280


Best thing is to disable all services that are not needed. When a service doesn't listen the port is not open, so no security risk. You don't need a firewall for that at all. But just to answer that question:

CODE
# Set the default policy of the INPUT chain to DROP
iptables -P INPUT DROP
# Accept incomming TCP connections from eth0 on port 20 and 21
iptables -A INPUT -i eth0 -p tcp --dport 20:21 -j ACCEPT

'--dport' means destination port which is the port on your side. '--sport' (source port) would be the port on the client side.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now