Linux-Noob Forums
Blocking Incoming Traffic - Printable Version




Blocking Incoming Traffic - jsn06 - 2005-09-29


You want to block all incoming network traffic, except from your system itself. Does not affect outgoing traffic.

For iptables:

# iptables -F INPUT
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -j REJECT

For ipchains:

# ipchains -F input
# ipchains -A input -i lo -j ACCEPT
# ipchains -A input -p tcp --syn -j REJECT
# ipchains -A input -p udp --dport 0:1023 -j REJECT

:P

 

 

johnny06




Blocking Incoming Traffic - znx - 2005-11-05


slight refinement..

 



Code:
# iptables -F INPUT
# iptables -A INPUT -i lo -s 127.0.0.1/8 -d 127.0.0.1/8 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -j DROP




 

ensures that loopback is actually looping.. addition of RELATED state (for instance passive ftp, dcc connections) and DROP rather than REJECT. Drop throws them away, Reject responds.. always better to be non-existent instead of visible..
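
To check a rule set against the points raised in the two posts above (loopback accepted, ESTABLISHED and RELATED accepted, a catch-all at the end, DROP versus REJECT), here is an added example that is not from either poster. The function and sample names are hypothetical, and the two listings are constructed to mirror what `iptables -S INPUT` would print for each post's rules.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `iptables -S INPUT` on stdin; returns 1 on any FAIL.
audit_input() {
    lo=no est=no rel=no final=none policy=ACCEPT rc=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT "*) policy=${rule#"-P INPUT "}; continue ;;
            "-A INPUT "*) ;;
            *) continue ;;
        esac
        # Anything after an unconditional DROP/REJECT is never evaluated.
        if [ "$final" != none ]; then echo "WARN unreachable: $rule"; continue; fi
        case "$rule" in
            "-A INPUT -j DROP"*)    final=DROP ;;
            "-A INPUT -j REJECT"*)  final=REJECT ;;
            *"-i lo "*"-j ACCEPT"*) lo=yes ;;
            *ESTABLISHED*"-j ACCEPT"*)
                est=yes
                case "$rule" in *RELATED*) rel=yes ;; esac ;;
        esac
    done
    if [ "$final" = none ] && [ "$policy" = DROP ]; then final=DROP; fi
    if [ "$lo" = yes ]; then echo "OK loopback accepted"
    else echo "FAIL no loopback ACCEPT before the catch-all"; rc=1; fi
    if [ "$est" = yes ]; then echo "OK ESTABLISHED accepted"
    else echo "FAIL replies to outgoing traffic are not accepted"; rc=1; fi
    [ "$rel" = yes ] || echo "NOTE RELATED not accepted (passive ftp, dcc)"
    case "$final" in
        DROP)   echo "OK catch-all DROP (no reply sent)" ;;
        REJECT) echo "NOTE catch-all REJECT (sends an error reply)" ;;
        *)      echo "FAIL no catch-all DROP/REJECT"; rc=1 ;;
    esac
    return "$rc"
}
# Constructed listings: what `iptables -S INPUT` prints for each post's rules.
sample_original() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}
sample_refined() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
EOF
}
for s in sample_original sample_refined; do echo "== $s"; "$s" | audit_input || echo "-> needs fixing"; done
```

On a real system, feed it the live chain as root with `iptables -S INPUT | audit_input`.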