Solved

Close all other ports with iptables

Posted on 2008-10-20
1
1,812 Views
Last Modified: 2013-11-15
I would like to close all of the ports that i do not provide rules for.  what do i need to do to acheive this?

My Rules are below, any help is greatly appreciated.

iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5632 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.1
0
Comment
Question by:CNTPL89
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 22767809
taken from http://www.linux-noob.com/forums/index.php?showtopic=1280


Best thing is to disable all services that are not needed. When a service doesn't listen the port is not open, so no security risk. You don't need a firewall for that at all. But just to answer that question:

CODE
# Set the default policy of the INPUT chain to DROP
iptables -P INPUT DROP
# Accept incomming TCP connections from eth0 on port 20 and 21
iptables -A INPUT -i eth0 -p tcp --dport 20:21 -j ACCEPT

'--dport' means destination port which is the port on your side. '--sport' (source port) would be the port on the client side.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In order for businesses to be compliant with certain information security laws in some countries, you need to be able to prove that a user (which user it was becomes important to the business to take action against the user after an event has occurr…
This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question