Linux-Noob Forums Distro Noob Debian v
Blocking Incoming Traffic

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Blocking Incoming Traffic
jsn06 Offline
Junior Member
**
Posts: 17
Threads: 14
Joined: Jun 2004
Reputation: 0
#1
2005-09-29, 03:45 PM

You want to block all incoming network traffic, except from your system itself. Does not affect outgoing traffic.

 

 

 

For iptables:

 

# iptables -F INPUT

# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -j REJECT

 

 

For ipchains:

 

# ipchains -F input

# ipchains -A input -i lo -j ACCEPT

# ipchains -A input -p tcp --syn -j REJECT

# ipchains -A input -p udp --dport 0:1023 -j REJECT :P

 

 

johnny06

Find
Reply
znx Offline
Posting Freak
*****
Posts: 1,229
Threads: 45
Joined: Mar 2005
Reputation: 0
#2
2005-11-05, 04:45 PM

slight refinement..

 



Code:
# iptables -F INPUT
# iptables -A input -i lo -s 127.0.0.1/8 -d 127.0.0.1/8 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -j DROP




 

ensures that loopback is actually looping.. addition of RELATED state (for instance passive ftp, dcc connections) and DROP rather than REJECT. Drop throws them away, Reject responds.. always better to be non-existant instead of visible..

Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)