1. Block specific host
iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP
2. Block specific ports
# Allow loopback traffic so the host can reach itself. These two rules must come before any rule that denies port access, because iptables evaluates rules in order.
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
# Block NFS (TCP and UDP 2049)
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 2049 -j DROP
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 2049 -j DROP
# Block X-Windows display ports (X11 displays :0 through :9)
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 6000:6009 -j DROP
# Block the X-Windows font server
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 7100 -j DROP
# Block the printer (lpd) port
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 515 -j DROP
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 515 -j DROP
# Block Sun RPC / portmapper (used by NFS)
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 111 -j DROP
iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 111 -j DROP
# Deny packets arriving on a real interface that claim to come from the loopback network (127.0.0.0/8). Using the address range rather than the name "localhost" avoids depending on name resolution when the rule is loaded.
iptables -A INPUT -p all -s 127.0.0.0/8 -i eth0 -j DROP
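The rules from section 2 assembled into one script, added here as an example and not taken from the original post: it keeps the loopback and anti-spoof rules first, puts the drops in a dedicated chain (the chain name BLOCK_SVC and the IPT, CHAIN and WAN_IF variables are constructed for this example) so that re-running the script does not duplicate rules, and reads the iptables binary from $IPT so that IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original post): the section-2 rules placed in
# a dedicated chain. Set IPT=echo to dry-run; run with "apply" to load them.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-BLOCK_SVC}"      # constructed chain name, not from the post
WAN_IF="${WAN_IF:-eth0}"

# Ports blocked for both TCP and UDP, and TCP-only ports/ranges (from the post).
BOTH_PORTS="2049 515 111"        # NFS, printer (lpd), Sun RPC/portmapper
TCP_PORTS="6000:6009 7100"       # X11 display ports, X font server

reset_chain() {
    # Flush and recreate the chain; the errors when it does not exist yet are ignored.
    $IPT -F "$CHAIN" 2>/dev/null
    $IPT -X "$CHAIN" 2>/dev/null
    $IPT -N "$CHAIN"
}

apply_rules() {
    reset_chain
    # Loopback first: the host must always be able to talk to itself.
    $IPT -A "$CHAIN" -i lo -j ACCEPT
    $IPT -C OUTPUT -o lo -j ACCEPT 2>/dev/null || $IPT -A OUTPUT -o lo -j ACCEPT
    # Anti-spoofing: loopback addresses never legitimately arrive on a real interface.
    $IPT -A "$CHAIN" -i "$WAN_IF" -s 127.0.0.0/8 -j DROP
    for p in $BOTH_PORTS; do
        $IPT -A "$CHAIN" -p tcp --dport "$p" -j DROP
        $IPT -A "$CHAIN" -p udp --dport "$p" -j DROP
    done
    for p in $TCP_PORTS; do
        $IPT -A "$CHAIN" -p tcp --dport "$p" -j DROP
    done
    # Hook the chain into INPUT exactly once; -C checks whether the jump exists.
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -I INPUT 1 -j "$CHAIN"
}

# Dry-run helper: count the DROP rules the script would install.
count_drop_rules() {
    ( IPT=echo; apply_rules ) | grep -c -- '-j DROP'
}

case "${1:-}" in
    apply) apply_rules ;;
    dry-run) ( IPT=echo; apply_rules ) ;;
esac
```

Run it as `sh block_svc.sh dry-run` to see the exact iptables invocations, and as root with `apply` to load them; `count_drop_rules` should report nine DROP rules (one anti-spoof, six for the three TCP+UDP ports, two for the TCP-only entries).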
Debugging and Logging
-----------------------------
iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "
iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "
NB:
Add these logging rules at the end of your ruleset in order to monitor dropped connections in /var/log/messages. Note that the LOG target matches every packet that reaches it, so the "INPUT_DROP" prefix is only accurate if the chain's default policy is DROP (or a DROP rule follows immediately). It generates a very large volume of messages; use it for debugging or short-term monitoring of the network only.
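To make the logged output usable, here is an added shell function (not part of the original post) that summarises LOG lines carrying the INPUT_DROP: prefix by source address, protocol and destination port, most frequent first. The sample lines are constructed in the format the netfilter LOG target writes to the kernel log; in practice, pipe real lines from /var/log/messages or `journalctl -k` into summarize_drops.

```shell
#!/bin/sh
# Added example (not from the original post): summarise LOG-target output.
# Reads kernel log lines from stdin, keeps those with the INPUT_DROP: prefix
# and counts them per "SRC PROTO DPT" tuple, most frequent first.
summarize_drops() {
    grep 'INPUT_DROP:' | awk '
    {
        src = ""; proto = ""; dpt = "-"
        # LOG output is a series of KEY=VALUE tokens; pick the three we need.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)   # absent for ICMP
        }
        if (src != "") count[src " " proto " " dpt]++
    }
    END {
        for (k in count) print count[k], k
    }' | sort -rn
}

# Constructed sample lines in the format the netfilter LOG target produces
# (addresses from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24).
SAMPLE_LOG='Mar  3 10:01:12 host kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=40123 DF PROTO=TCP SPT=51234 DPT=2049 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:13 host kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=40124 DF PROTO=TCP SPT=51235 DPT=2049 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:20 host kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=1 DF PROTO=UDP SPT=40000 DPT=111 LEN=56
Mar  3 10:01:21 host kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=999 SEQ=1
Mar  3 10:01:30 host sshd[1234]: Accepted publickey for alice from 192.0.2.9 port 52000'

# Most frequent "SRC PROTO DPT" tuple in the constructed sample.
top_dropped() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | head -n 1
}

# Number of distinct tuples in the constructed sample.
tuple_count() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | grep -c .
}
```

On the sample, `top_dropped` reports `2 192.0.2.10 TCP 2049` (two NFS connection attempts from one host) and the sshd line is ignored because it lacks the prefix; the ICMP line keeps `-` as its port since ICMP has none. Running the same pipeline over a real log (`journalctl -k | summarize_drops`) gives a quick view of which blocked services are being probed and from where.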