Linux-Noob Forums

Full Version: Blocking Incoming Traffic

You want to block all incoming network traffic except from your system itself. This does not affect outgoing traffic.




For iptables:


# iptables -F INPUT

# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -j REJECT



For ipchains:


# ipchains -F input

# ipchains -A input -i lo -j ACCEPT

# ipchains -A input -p tcp --syn -j REJECT

# ipchains -A input -p udp --dport 0:1023 -j REJECT




slight refinement..


# iptables -F INPUT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -j DROP


Ensures that loopback is actually looping. Adds the RELATED state (for instance passive FTP, DCC connections) and uses DROP rather than REJECT. DROP throws them away, REJECT responds. It's always better to be non-existent than visible.
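Added example, not code from either post in this thread: a small POSIX sh script that emits the refined INPUT ruleset in iptables-restore format and lints a saved ruleset for the two mistakes the thread discusses (no loopback ACCEPT, and ACCEPT rules placed after an unconditional DROP/REJECT so they never match). The function names, the lint logic and both sample rulesets are my own; the "original post" sample is a constructed iptables-save rendering of the first post's commands. It uses "-m conntrack --ctstate" in place of the thread's "-m state --state" (both exist; conntrack is the current spelling) and a DROP policy in place of the trailing "-j DROP" rule. Only apply_refined_rules needs root and iptables-restore, and nothing here calls it.

```shell
#!/bin/sh
# Added example (not from the forum thread). Needs only POSIX sh, grep and awk.

# The refined ruleset. Loading it with iptables-restore is atomic, so there is
# no window between "-F INPUT" and the ACCEPT rules in which replies to the
# box's own connections are dropped. FORWARD is left alone: the thread only
# concerns INPUT.
refined_input_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Constructed sample: the first post's iptables commands as iptables-save
# would print them. Note the missing loopback ACCEPT.
original_post_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
}

# Lint an iptables-save style ruleset read from stdin. Checks that INPUT has a
# loopback ACCEPT and a stateful ACCEPT, that neither sits after an
# unconditional DROP/REJECT (where it would never match), and that the chain
# is actually closed (DROP policy or a terminal DROP/REJECT rule).
# Prints one FAIL line per finding and returns 1; prints OK and returns 0
# when clean.
lint_input_chain() {
    awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        n++
        if ($0 ~ /-i lo /)                                               lo = n
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT$/) est = n
        if (!term && $0 ~ /^-A INPUT -j (DROP|REJECT)/)                  term = n
    }
    END {
        rc = 0
        if (!lo) { print "FAIL: no loopback ACCEPT on INPUT"; rc = 1 }
        else if (term && lo > term) { print "FAIL: loopback ACCEPT sits after a DROP/REJECT and never matches"; rc = 1 }
        if (!est) { print "FAIL: no ESTABLISHED ACCEPT; replies to outgoing connections will be blocked"; rc = 1 }
        else if (term && est > term) { print "FAIL: stateful ACCEPT sits after a DROP/REJECT and never matches"; rc = 1 }
        if (!term && policy != "DROP") { print "FAIL: INPUT is not closed: no DROP policy and no terminal DROP/REJECT rule"; rc = 1 }
        if (rc == 0) print "OK"
        exit rc
    }'
}

# Load the refined ruleset, but only after it passes the lint (needs root).
apply_refined_rules() {
    refined_input_rules | lint_input_chain >/dev/null || return 1
    refined_input_rules | iptables-restore
}
```

To check a live box rather than the embedded samples, pipe the real state through the linter: `iptables-save -t filter | lint_input_chain`. The ordering check matters because iptables evaluates rules top to bottom and stops at the first terminating target, so an ACCEPT appended after "-A INPUT -j DROP" is dead code.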