{"id":23187,"date":"2020-12-09T09:58:51","date_gmt":"2020-12-09T01:58:51","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&p=23187"},"modified":"2022-09-08T20:00:21","modified_gmt":"2022-09-08T12:00:21","slug":"how-to-block-all-ports-in-iptables","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/how-to-block-all-ports-in-iptables","title":{"rendered":"HOW TO: Block all ports in IPtables"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

HOW TO: Block all ports in IPtables<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Here we provide a sample of the most popular iptables configuration.<\/p>

We will block all connections except specific ports<\/p>

First of all, to exclude any errors because of the previous config we will delete all current iptables rules.<\/p>

SSH\u00a0to your server with root and execute the commands below:<\/p>

iptables -t filter -F \niptables -t filter -X \n<\/pre>
Now we will block all traffic:<\/p>
iptables -t filter -P INPUT DROP \niptables -t filter -P FORWARD DROP \niptables -t filter -P OUTPUT DROP \n<\/pre>
We will keep established connections (you can skip it but we recommend to put these rules)<\/p>
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT \niptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT \n<\/pre>
Allow loopback connections (necessary in some cases . we recommend to add this rule to exclude possible applications issues)<\/p>
iptables -t filter -A INPUT -i lo -j ACCEPT \niptables -t filter -A OUTPUT -o lo -j ACCEPT \n<\/pre>
And now we are ready to add \u201callowed rules\u201d For example, we will allow http traffic:<\/p>
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT\niptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT\n<\/pre>
And also do not forget about SSH (in case you use differ ssh port -change it)<\/p>
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT\niptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT\n<\/pre>
You also can open ssh port for specific IP<\/p>
iptables -I INPUT -p tcp -m tcp -s 101.69.69.101 --dport 22 -j ACCEPT\niptables -I INPUT -p tcp -m tcp -s 0.0.0.0\/0 --dport 22 -j DROP\n<\/pre>
In case you need to allow some port range use the next example:<\/p>
iptables -t filter -A OUTPUT -p tcp --dport 1024:2000 -j ACCEPT\niptables -t filter -A INPUT -p tcp --dport 1024:2000 -j ACCEPT\n<\/pre>
Block all UDP except port 53 (DNS):<\/p>
#allow dns requests \niptables -A OUTPUT -p udp --dport 53 -j ACCEPT\niptables -A OUTPUT -p udp --dport 53 -j ACCEPT\n#block all other udp\niptables -A OUTPUT -p udp -j DROP\nip6tables -A OUTPUT -p udp -j DROP\n<\/pre>
You can add allowed nameservers with the \u201c-d\u201d parameter:<\/p>
iptables -A OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT\niptables -A OUTPUT -p udp --dport 53 -d 8.8.4.4 -j ACCEPT\n<\/pre>
Disable outgoing ping echo request:<\/p>
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP\n<\/pre>
Disable incoming pings:<\/p>
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT\n<\/pre>
After you add all \u201callow\u201d rules do not forget to save the current iptables config to the file:<\/p>
iptables-save >\/etc\/sysconfig\/iptables\n<\/pre>
And restart the service:<\/p>
service iptables restart<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
Read more on HOW TO: Check if IP is blocked from IPtables<\/em><\/a> or visit Casbay VPS Hosting<\/a><\/em> for more information!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"
HOW TO: Block all ports in IPtables Here we provide a sample of the most popular iptables configuration. We will block all connections except specific ports First of all, to exclude any errors because of the previous config we will delete all current iptables rules. SSH\u00a0to your server with root and execute the commands below: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[113],"kbtag":[106],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/23187"}],"collection":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/comments?post=23187"}],"version-history":[{"count":9,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/23187\/revisions"}],"predecessor-version":[{"id":36629,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/23187\/revisions\/36629"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media?parent=23187"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=23187"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtag?post=23187"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=23187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}