From: "Dharmendra.T"
Subject: Re: Redhat Linux 8.0 IPtables help
Date: 06 Jun 2003 10:10:01 +0530
Message-ID: <1054874488.2496.7.camel@india>
To: Sundaram Ramasamy
Cc: netfilter@lists.netfilter.org

On Fri, 2003-06-06 at 01:02, Sundaram Ramasamy wrote:
> Hi,
>
> I have a Linux machine with a single network interface. I want to block all the
> tcp, udp and icmp ports other than 22, 23, 24 and 80.
>
> Can you verify the following script?
>
> IPTABLES=/sbin/iptables
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
>
> $IPTABLES -A INPUT -p tcp -m multiport --destination-port 22,23,24,80 -j ACCEPT
> $IPTABLES -A INPUT -p udp -m multiport --destination-port 22,23,24,80 -j ACCEPT
>
> What port should I block for icmp protocol?
>
> -SR

You have to add the following rules to enable the communication.

$IPTABLES -A OUTPUT -p tcp -m multiport --source-port 22,23,24,80 -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m multiport --source-port 22,23,24,80 -j ACCEPT

-- 
Regards
Dharmendra.T


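A stateful variant of the rule set discussed in this thread, as an added example that is not part of either poster's message. It assumes the `state` match (connection tracking) is available, chooses to answer pings, and uses a dry-run wrapper (`IPTABLES` defaulting to `echo`) plus the function name `apply_ruleset`, both of which are inventions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each rule is printed
# instead of installed. Run as root with IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo /sbin/iptables}"
PORTS="22,23,24,80"          # service ports from the original question

apply_ruleset() {
    # Default-deny on every built-in chain, as in the script under review.
    for chain in INPUT OUTPUT FORWARD; do
        $IPTABLES -P "$chain" DROP
    done

    # Local processes talk to each other over loopback.
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    for proto in tcp udp; do
        # Inbound: new and already-tracked traffic to the listed ports only.
        $IPTABLES -A INPUT -p "$proto" -m multiport --dports "$PORTS" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
        # Outbound: replies only. Unlike a bare source-port match, this does
        # not let a local process open new connections from port 80 or 22.
        $IPTABLES -A OUTPUT -p "$proto" -m multiport --sports "$PORTS" \
            -m state --state ESTABLISHED -j ACCEPT
    done

    # ICMP has types, not ports. Answer pings, and accept the error messages
    # (unreachable, fragmentation needed) tied to tracked connections.
    $IPTABLES -A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply   -j ACCEPT
    $IPTABLES -A INPUT  -p icmp -m state --state RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp -m state --state RELATED -j ACCEPT
}

apply_ruleset
```

When applying a default-DROP policy to a remote machine, keep console access available in case the SSH rule does not behave as expected.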