Need some help to allow some port only in ubuntu by using iptable

mentari

Hello guy

I need some guide from the expert on how to block all port excerpt certain port like 22,43,80 , anyone can guide me, thank you

grillmaster

First you want to set your default policy to drop all incoming packets:
iptables -P INPUT DROP iptables -P FORWARD DROP

You can do the same with outgoing packets if you want, but I usually leave them unfiltered.
iptables -P OUTPUT ACCEPT

If you want to block all outgoing packets...:
iptables -P OUTPUT DROP

Then you open the ports you want to allow, per protocol:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 43 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT

mentari

@grillmaster said:
First you want to set your default policy to drop all incoming packets:
iptables -P INPUT DROP iptables -P FORWARD DROP

You can do the same with outgoing packets if you want, but I usually leave them unfiltered.
iptables -P OUTPUT ACCEPT

If you want to block all outgoing packets...:
iptables -P OUTPUT DROP

Then you open the ports you want to allow, per protocol:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 43 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT

How to forward traffic to some port like 443,80 and etc

actually what i want like this

block all input traffic excerpt on (80,22,443)
block all forward traffic excerpt on (80,22,443)
block all output traffic excerpt on (80,22,443)

grillmaster

Set all your policies to DROP, then for port 22:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

Do the same for other ports.

godong

An alternative of doing it directly is by using CSF, which allow you to specify which port you want to open in its config file. Furthermore, it also help blocking bruce force attacks on your server.