On my server, I am redirecting incoming port 80 to port 7778 via iptables,
but I'm unsure how to block connects directly to port 7778 from the
outside.   I've hit a brick wall in my understanding of pre and post
routing.

I could use a little wisdom here.  Thanks. :)

#/etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [15:1051]
:POSTROUTING ACCEPT [63:4394]
:OUTPUT ACCEPT [63:4394]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1661:376223]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

*Daniel P. Stasinski*
daniel@GenericInbox.com
I 💛✞