RobertClark
Occasional Contributor

ports

How can I add a rule for dynamic ports in iptables? I am not sure of the ports used by the services.
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: ports

Shalom,

iptables -A INPUT -s <source-ip> -p tcp --dport 25 -j DROP

example

iptables -A INPUT -s 192.168.0.10 -p tcp --dport 25 -j DROP

This drops port 25 (smtp) traffic for host 192.168.0.10

Once you are happy with the rules:

service iptables save

Makes them permanent in /etc/sysconfig/iptables

You'd better get a handle on what ports you need open before doing this.

netstat -an | grep LISTEN

Just because the service is listening however does not mean you want to authorize it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RobertClark
Occasional Contributor

Re: ports

Thanks !

Actually I have to open ports; my services use a callback routine, which picks up any port.

If I use this rule, is it safe, or is there any better way of doing it?


$IPTABLES -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
RobertClark
Occasional Contributor

Re: ports

Hi
Can somebody suggest how to add an entry in iptables to accept connections on all ports?

Please tell me if you need more information.

regards
Robert
skt_skt
Honored Contributor

Re: ports

Replace the IP range with 0.0.0.0.
Heironimus
Honored Contributor

Re: ports

If you want to allow unrestricted access from a specific host you don't specify a port. Something like "iptables -A INPUT -s 192.168.1.2 -j ACCEPT".

If you want to allow access from any host to any port turn off iptables because you're trying not to use it.

If you have an application that requires random ports from an uncontrolled range you will not be able to run it through a normal firewall and you should talk to your vendor about it.
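As an added example (not code from any of the posters), here is a small script that ties the thread's points together: Steven's advice to look at what is listening before writing rules, Robert's question whether `--dport 1024:65535 -j ACCEPT` is safe, and Heironimus's host-based rule. It generates the iptables commands as text so they can be reviewed before being run; nothing in it calls iptables or needs root. The answer to Robert's question is that the ephemeral range does not need to be opened at all when the callback connections are ones the service itself initiates: a connection-state rule (`-m conntrack --ctstate ESTABLISHED,RELATED`) lets the replies in. Only if remote peers open brand-new connections to random local ports is a port rule impossible, and then restricting by source host is the only narrowing left. The netstat output and the trusted host 192.168.0.10 are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread. Everything here only generates
# iptables commands as text for review; nothing runs iptables or needs root.

# Constructed sample of "netstat -ant" output (stands in for the real command).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.5:22          192.168.0.10:51234      ESTABLISHED
tcp        0      0 192.168.0.5:45678       10.0.0.9:443            ESTABLISHED'

# Print the distinct TCP ports in LISTEN state, one per line, sorted numerically.
# Usage on a real box: netstat -ant | listening_tcp_ports
listening_tcp_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' \
        | sort -n -u
}

# Emit an INPUT chain that exposes only a reviewed allowlist of ports.
#   $1  space-separated TCP ports to accept from anywhere (the allowlist you
#       decided on after reading listening_tcp_ports, not its whole output:
#       listening does not mean authorized)
#   $2  optional trusted host allowed to reach any port (hypothetical address
#       in the demo below)
# Inbound packets that belong to connections this host opened itself, such as
# the replies to a callback connection the service initiates, are matched by
# connection state, so the ephemeral range 1024:65535 is never opened to new
# inbound connections from the network.
build_ruleset() {
    ports=$1
    trusted=${2:-}
    echo 'iptables -F INPUT'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    # "-m state --state ESTABLISHED,RELATED" is the older spelling of this match.
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ -n "$trusted" ]; then
        # Heironimus's form: a host may reach any port, so no port is named.
        echo "iptables -A INPUT -s $trusted -j ACCEPT"
    fi
    # Default policy is set last, after the state rule exists, so an existing
    # admin session is not cut off while the chain is being rebuilt.
    echo 'iptables -P INPUT DROP'
}

# Demo: see what is listening, then generate rules that expose ssh and the
# 8080 service to everyone and every port to one trusted host.
printf '%s\n' "$SAMPLE_NETSTAT" | listening_tcp_ports
build_ruleset "22 8080" 192.168.0.10
```

To apply the generated chain on a RHEL-style box as in the thread, pipe it through the shell as root (`build_ruleset "22 8080" 192.168.0.10 | sh`) and then run `service iptables save`. Review the output first: the allowlist is a decision, not a copy of the LISTEN list (the sample deliberately leaves port 25, which is bound to 127.0.0.1 only, out of it).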