Solved

Close all other ports with iptables

Posted on 2008-10-20
1
1,802 Views
Last Modified: 2013-11-15
I would like to close all of the ports that i do not provide rules for.  what do i need to do to acheive this?

My Rules are below, any help is greatly appreciated.

iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5632 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.1
0
Comment
Question by:CNTPL89
1 Comment
 
LVL 31

Accepted Solution

by:
James Murrell earned 500 total points
ID: 22767809
taken from http://www.linux-noob.com/forums/index.php?showtopic=1280


Best thing is to disable all services that are not needed. When a service doesn't listen the port is not open, so no security risk. You don't need a firewall for that at all. But just to answer that question:

CODE
# Set the default policy of the INPUT chain to DROP
iptables -P INPUT DROP
# Accept incomming TCP connections from eth0 on port 20 and 21
iptables -A INPUT -i eth0 -p tcp --dport 20:21 -j ACCEPT

'--dport' means destination port which is the port on your side. '--sport' (source port) would be the port on the client side.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now