Re: iptables redirect with a caveat

Author: Daniel Stasinski
Date:  
To: Main PLUG discussion list
Subject: Re: iptables redirect with a caveat
Right after I posted, I figured out a solution.

I just added a redirect from 7778 to 80. Since 80 is not active, it drops it.

-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80

*Daniel P. Stasinski*

I 💛✞

On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski <>
wrote:

>
> On my server, I am redirecting incoming port 80 to port 7778 via iptables,
> but I'm unsure how to block connects directly to port 7778 from the
> outside. I've hit a brick wall in my understanding of pre and post
> routing.
>
> I could use a little wisdom here. Thanks. :)
>
> #/etc/sysconfig/iptables
> *nat
> :PREROUTING ACCEPT [15:1051]
> :POSTROUTING ACCEPT [63:4394]
> :OUTPUT ACCEPT [63:4394]
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1661:376223]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> *Daniel P. Stasinski*
>
> I 💛✞
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
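
The traversal order behind the fix in this thread, as an added example that is not part of the original post: a simplified Python model of nat PREROUTING followed by filter INPUT, run over the rules quoted above. The names `parse`, `matches` and `verdict` are hypothetical, and only `--dport` and `--state` matching for a NEW inbound TCP packet are modelled.

```python
import shlex

# Rules copied from the thread; the ICMP and loopback rules are omitted.
NAT_PREROUTING = [
    "-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778",
]
# The rule added in the reply.
FIX = "-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80"
FILTER_INPUT = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]

def parse(rule):
    """Extract only the fields this model understands from one -A line."""
    tok = shlex.split(rule)
    get = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
    return {
        "dport": int(get("--dport")) if get("--dport") else None,
        "states": set(get("--state").split(",")) if get("--state") else None,
        "target": get("-j"),
        "to_port": int(get("--to-ports")) if get("--to-ports") else None,
    }

def matches(rule, dport, state):
    # A rule without --dport or --state matches any port or state.
    return (rule["dport"] in (None, dport)
            and (rule["states"] is None or state in rule["states"]))

def verdict(dport, nat_rules, filter_rules=FILTER_INPUT):
    """Return (port seen by INPUT, verdict) for a NEW inbound TCP packet."""
    # nat PREROUTING runs first. The first matching REDIRECT rewrites the
    # destination port and ends nat traversal, so the two rules cannot loop.
    for r in map(parse, nat_rules):
        if r["target"] == "REDIRECT" and matches(r, dport, "NEW"):
            dport = r["to_port"]
            break
    # filter INPUT then sees the rewritten port, not the one on the wire.
    for r in map(parse, filter_rules):
        if matches(r, dport, "NEW"):
            return dport, r["target"]
    return dport, "ACCEPT"  # INPUT chain policy in the posted ruleset

if __name__ == "__main__":
    for name, nat in (("original", NAT_PREROUTING), ("with fix", NAT_PREROUTING + [FIX])):
        for port in (80, 7778):
            print(name, port, verdict(port, nat))
```

In this model a direct connection to 7778 under the fixed ruleset reaches INPUT with destination port 80, matches no ACCEPT rule, and falls through to the final REJECT rule.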