Creating a filter with iptables - Networking


  1. Creating a filter with iptables

    I want to prohibit various internet hosts from accessing a range of
    ports on one of my computers. I believe that iptables is the tool that I
    need for this, but I am not familiar with software firewalling in the
    Linux environment. I am wading through documentation, but it is heavy
    going and I am struggling to decipher the manuals. I really need an
    example script that matches my requirements.

    I want to block access to a range of ports 7000 to 7999 and
    individual port 8026 on my server from hosts on networks 213.55.64.0/19
    and 81.169.160.0/19.

    I do not want anything else altered at this time, and I want all
    remaining traffic to that machine to be permitted.

    I have installed the iptables package, but I have not yet created a
    script to activate it.

    The server is an IBM compatible (Pentium 120) computer running Debian
    Etch.

    Thanks in advance to anyone who can help.

    Regards,

    Mark.

    --
    Mark Hobley,
    393 Quinton Road West,
    Quinton, BIRMINGHAM.
    B32 1QE.

  2. Re: Creating a filter with iptables

    On Monday 30 June 2008 02:06, Mark Hobley wrote:

    > I want to prohibit various internet hosts from accessing a range of
    > ports on one of my computers. I believe that iptables is the tool that I
    > need for this, but I am not familiar with software firewalling in the
    > Linux environment. I am wading through documentation, but it is heavy
    > going and I am struggling to decipher the manuals. I really need an
    > example script that matches my requirements.


    I *strongly* suggest you thoroughly read the documentation, rather than
    trust someone else's scripts without understanding what those do. This
    should be a good starting point:

    http://iptables-tutorial.frozentux.n...-tutorial.html

    > I want to block access to a range of ports 7000 to 7999 and
    > individual port 8026 on my server from hosts on networks 213.55.64.0/19
    > and 81.169.160.0/19.


    You don't say if you want to block TCP or UDP ports.

    iptables -A INPUT -s 213.55.64.0/19 -p tcp --dport 7000:7999 -j DROP
    iptables -A INPUT -s 213.55.64.0/19 -p tcp --dport 8026 -j DROP
    iptables -A INPUT -s 81.169.160.0/19 -p tcp --dport 7000:7999 -j DROP
    iptables -A INPUT -s 81.169.160.0/19 -p tcp --dport 8026 -j DROP

    Replace -p tcp with -p udp if you want to block UDP ports.
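
Added example, not part of either post: the block requested in the thread written as one script, using the multiport match so that 7000:7999 and 8026 share a single rule per network and protocol. Blocking both TCP and UDP, the APPLY switch and the function names are assumptions; without APPLY=1 the script only prints the commands it would run.

```shell
#!/bin/sh
# Values taken from the question in this thread.
NETS="213.55.64.0/19 81.169.160.0/19"   # source networks to block
PORTS="7000:7999,8026"                  # port range plus the single port
PROTOS="tcp udp"                        # assumption: block both protocols

# Emit one iptables rule specification per network/protocol pair.
# Only matching packets are dropped; the INPUT policy is left untouched,
# so all other traffic is still accepted.
rule_args() {
    for net in $NETS; do
        for proto in $PROTOS; do
            echo "INPUT -s $net -p $proto -m multiport --dports $PORTS -j DROP"
        done
    done
}

# Print the commands, or run them as root when APPLY=1.
apply_rules() {
    rule_args | while read -r args; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $args is left unquoted on purpose so it splits into arguments.
            # -C (--check) skips rules that are already loaded; older
            # iptables releases lack it, in which case the check fails
            # and the rule is appended unconditionally.
            iptables -C $args 2>/dev/null || iptables -A $args
        else
            echo "iptables -A $args"
        fi
    done
}

apply_rules
```

After applying, `iptables -L INPUT -n -v` lists the rules with packet counters, which shows whether the blocked networks are actually hitting them.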

