Fli
10-03-2013, 11:05 AM
Hello,
If I want to disallow incoming HTTP connections using iptables, which commands do I need to use?
I tried
iptables -A INPUT -p tcp --dport 80 -j DROP
but it still loads the website.
How can I then remove that rule? Exactly the same command, only with -D?
-----
EDIT: I found the answer. iptables -A means it will append the rule to the end of the rule list; when I inserted it at the beginning with the command iptables -I, it worked.
Command to add:
/sbin/iptables -I INPUT -p tcp --dport PORTNUMBERORNAME -j DROP
Command to delete:
/sbin/iptables -D INPUT -p tcp --dport PORTNUMBERORNAME -j DROP
To get a list of open ports: nmap localhost
For rules to survive a reboot, on Debian I did: sudo iptables-save | sudo tee /etc/iptables/rules.v4 && sudo ip6tables-save | sudo tee /etc/iptables/rules.v6
If you want to allow/deny port connections repeatedly, you may use my script (http://internetlifeforum.com/programming-scripting/968-linux-bash-script-easy-port-connections-banning-iptables-firewall/#post1483) to simplify the job.
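The add/delete commands above work, but running them repeatedly stacks duplicate rules, and a single -D then removes only one copy. The following is an added example (not the poster's script and not part of the original post) that wraps the same rule form in idempotent block/unblock functions: it checks with iptables -C before inserting, inserts at position 1 so the DROP precedes any ACCEPT already in the chain (the reason -A did not work in the post), and loops -D until no copy remains. The IPTABLES variable is an assumption added so the functions can be pointed at a wrapper or a stub; its default is the /sbin/iptables path from the post, and the save paths are the Debian iptables-persistent files named in the post.

```shell
#!/bin/sh
# Added example, not the poster's script: idempotent block/unblock of a TCP
# port in the INPUT chain, using the rule form and Debian paths from the post.
# IPTABLES is overridable (assumption, for wrappers or stubs); the default is
# the /sbin/iptables path used in the post.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Exit 0 if the DROP rule for tcp/$1 is already in INPUT (iptables -C).
rule_present() {
    "$IPTABLES" -C INPUT -p tcp --dport "$1" -j DROP 2>/dev/null
}

# Insert at position 1 so the DROP precedes any ACCEPT rule already in the
# chain; -A would append it after them, which is why the first attempt in
# the post still let HTTP through. Skips the insert if the rule exists.
block_port() {
    if rule_present "$1"; then
        echo "tcp/$1 already blocked" >&2
        return 0
    fi
    "$IPTABLES" -I INPUT 1 -p tcp --dport "$1" -j DROP
}

# Delete every copy of the rule: repeated -A/-I calls stack duplicates, and
# a single -D removes only one of them.
unblock_port() {
    while rule_present "$1"; do
        "$IPTABLES" -D INPUT -p tcp --dport "$1" -j DROP
    done
}

# Overwrite (not append to) the iptables-persistent files so each address
# family's file holds exactly one saved ruleset. Must run as root.
save_rules() {
    iptables-save  > /etc/iptables/rules.v4
    ip6tables-save > /etc/iptables/rules.v6
}

# Usage: ./portblock.sh block 80 | unblock 80 | save
case "${1:-}" in
    block)   block_port "$2" ;;
    unblock) unblock_port "$2" ;;
    save)    save_rules ;;
esac
```

Setting IPTABLES to a small shell function that records its arguments lets the block/unblock logic be exercised without root and without touching the live firewall; the same hook can point at a logging wrapper in production to leave an audit trail of every rule change.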