Solved

Close all other ports with iptables

Posted on 2008-10-20
1
1,809 Views
Last Modified: 2013-11-15
I would like to close all of the ports that i do not provide rules for.  what do i need to do to acheive this?

My Rules are below, any help is greatly appreciated.

iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5632 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.1
0
Comment
Question by:CNTPL89
1 Comment
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 22767809
taken from http://www.linux-noob.com/forums/index.php?showtopic=1280


Best thing is to disable all services that are not needed. When a service doesn't listen the port is not open, so no security risk. You don't need a firewall for that at all. But just to answer that question:

CODE
# Set the default policy of the INPUT chain to DROP
iptables -P INPUT DROP
# Accept incomming TCP connections from eth0 on port 20 and 21
iptables -A INPUT -i eth0 -p tcp --dport 20:21 -j ACCEPT

'--dport' means destination port which is the port on your side. '--sport' (source port) would be the port on the client side.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question