iptables redirect with a caveat

Author: Daniel Stasinski
Date:  
To: Main PLUG discussion list
Subject: iptables redirect with a caveat
On my server, I am redirecting incoming port 80 to port 7778 via iptables,
but I'm unsure how to block connects directly to port 7778 from the
outside. I've hit a brick wall in my understanding of pre and post
routing.

I could use a little wisdom here. Thanks. :)

#/etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [15:1051]
:POSTROUTING ACCEPT [63:4394]
:OUTPUT ACCEPT [63:4394]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1661:376223]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

*Daniel P. Stasinski*

I 💛✞
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss