Right after I posted, I figured out a solution. I just added a redirect from 7778 to 80. Since 80 is not active, it drops it.

-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80

*Daniel P. Stasinski*
daniel@GenericInbox.com
I 💛✞

On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski wrote:
>
> On my server, I am redirecting incoming port 80 to port 7778 via iptables,
> but I'm unsure how to block connects directly to port 7778 from the
> outside. I've hit a brick wall in my understanding of pre and post
> routing.
>
> I could use a little wisdom here. Thanks. :)
>
> #/etc/sysconfig/iptables
> *nat
> :PREROUTING ACCEPT [15:1051]
> :POSTROUTING ACCEPT [63:4394]
> :OUTPUT ACCEPT [63:4394]
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1661:376223]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> *Daniel P. Stasinski*
> daniel@GenericInbox.com
> I 💛✞
>
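Added example, not part of the original message: a small Python model that parses the ruleset quoted above and traces the first packet of a new outside TCP connection through nat PREROUTING and then filter INPUT, with and without the 7778-to-80 redirect. The function names and the simplified matching (option/value pairs only, NEW external TCP packets only) are assumptions of this example.

```python
# Rules copied from the post, minus chain-policy lines (all ACCEPT).
RULESET = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
COMMIT
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
FIX = "-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80"
FIXED = RULESET.replace("COMMIT", FIX + "\nCOMMIT", 1)  # append to the nat table

def parse(text):
    """Map (table, chain) -> list of rules; each rule is an option dict."""
    chains, table = {}, None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):  # every option here takes exactly one value
            opts = {k.lstrip("-"): v for k, v in zip(tok[::2], tok[1::2])}
            chains.setdefault((table, opts["A"]), []).append(opts)
    return chains

def trace(dport, text):
    """Follow a NEW TCP packet from outside; return (port INPUT sees, verdict)."""
    chains = parse(text)
    for r in chains[("nat", "PREROUTING")]:
        if r["j"] == "REDIRECT" and r.get("dport") == str(dport):
            dport = int(r["to-ports"])
            break  # REDIRECT is terminating: first matching rule wins
    for r in chains[("filter", "INPUT")]:
        if r.get("state", "NEW") != "NEW":  # RELATED,ESTABLISHED: not this packet
            continue
        if r.get("p", "tcp") != "tcp" or "i" in r:  # icmp rule, loopback-only rule
            continue
        if r.get("dport", str(dport)) == str(dport):
            return dport, r["j"]
    return dport, "ACCEPT"  # INPUT chain policy

if __name__ == "__main__":
    for label, text in (("original", RULESET), ("with fix", FIXED)):
        for port in (80, 7778, 22):
            print(label, port, *trace(port, text))
```

The trace shows that filter INPUT matches on the destination port after the nat rewrite, so with the added rule a packet sent to 7778 arrives at INPUT as port 80 and falls through to the final REJECT rule.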