Iptables: block port

From OnnoWiki
Jump to navigation Jump to search

sumber: https://www.cyberciti.biz/faq/iptables-block-port/


How do I block port number with iptables under Linux operating systems?

Port numbers which are recognized by Internet and other network protocols, enabling the computer to interact with others. Each Linux server has a port number (see /etc/services file). For example:

TCP port 80 – HTTP Server
TCP port 443 – HTTPS Server
TCP port 25 – Mail Server
TCP port 22 – OpenSSH (remote) secure shell server
TCP port 110 – POP3 (Post Office Protocol v3) server
TCP port 143 – Internet Message Access Protocol (IMAP) — management of email messages
TCP / UDP port 53 – Domain Name System (DNS)

Block Incoming Port

The syntax is as follows to block incoming port using IPtables:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP

To block port 80 (HTTP server), enter (or add to your iptables shell script):

# /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP
# /sbin/service iptables save

Block Incomming Port 80 except for IP Address 1.2.3.4

# /sbin/iptables -A INPUT -p tcp -i eth1 -s ! 1.2.3.4 --dport 80 -j DROP

Block Outgoing Port

The syntax is as follows:

/sbin/iptables -A OUTPUT -p tcp --dport {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A OUTPUT -o eth1 -p tcp --dport {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A OUTPUT -o eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A OUTPUT -o eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP

To block outgoing port # 25, enter:

# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/service iptables save

You can block port # 1234 for IP address 192.168.1.2 only:

# /sbin/iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 1234 -j DROP
  1. /sbin/service iptables save

How Do I Log Dropped Port Details?

Use the following syntax:

# Logging #
### If you would like to log dropped packets to syslog, first log it ###
/sbin/iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "PORT 80 DROP: " --log-level 7

### now drop it ###
/sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP

How Do I Block Cracker (IP: 123.1.2.3) Access To UDP Port # 161?

/sbin/iptables -A INPUT -s 123.1.2.3 -i eth1 -p udp -m state --state NEW -m udp --dport 161 -j DROP

# drop students 192.168.1.0/24 subnet to port 80
/sbin/iptables -A INPUT -s 192.168.1.0/24 -i eth1 -p tcp -m state --state NEW -m tcp --dport 80 -j DROP

How do I view blocked ports rules?

Use the iptables command:

# /sbin/iptables -L -n -v
# /sbin/iptables -L -n -v | grep port
# /sbin/iptables -L -n -v | grep -i DROP
# /sbin/iptables -L OUTPUT -n -v
# /sbin/iptables -L INPUT -n -v



Referensi