This is what I recall as a best practice: ideally you want to drop anything you are not using.

/sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP

On Sep 17, 2017 9:53 PM, "Amit Nepal" wrote:

> I have not tested but you can probably use mark to accomplish this. Mark
> any request coming directly to port 7778, drop anything with mark set and
> then redirect request on port 80 to 7778.
>
> iptables -t mangle -A PREROUTING -p tcp --dport 7778 -j MARK --set-mark 1
> iptables -A INPUT -m mark --mark 1 -j DROP
> iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
>
> Thank You
>
> Amit K Nepal
> (CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
>
> On 9/17/2017 8:58 PM, Daniel Stasinski wrote:
>
> Right after I posted, I figured out a solution.
>
> I just added redirect from 7778 to 80. Since 80 is not active, it drops it
>
> -A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80
>
> *Daniel P. Stasinski*
> daniel@GenericInbox.com
> I 💛✞
>
> On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski wrote:
>
>> On my server, I am redirecting incoming port 80 to port 7778 via
>> iptables, but I'm unsure how to block connects directly to port 7778 from
>> the outside. I've hit a brick wall in my understanding of pre and post
>> routing.
>>
>> I could use a little wisdom here. Thanks. :)
>>
>> #/etc/sysconfig/iptables
>> *nat
>> :PREROUTING ACCEPT [15:1051]
>> :POSTROUTING ACCEPT [63:4394]
>> :OUTPUT ACCEPT [63:4394]
>> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
>> COMMIT
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [1661:376223]
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>>
>> *Daniel P. Stasinski*
>> daniel@GenericInbox.com
>> I 💛✞
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
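
Added example, not part of the thread or written by any of its participants: a simplified Python model of the order in which an inbound packet meets the tables discussed above (mangle PREROUTING, then nat PREROUTING, then filter INPUT), run against the three rulesets from the thread. The names traverse, verdicts, ORIGINAL, SWAP and MARK are hypothetical, and the model covers only new connections and the rule kinds the thread uses.

```python
# Added illustration: a simplified model of the path an inbound packet takes
# to a local socket: mangle PREROUTING -> nat PREROUTING -> filter INPUT.
# Only the rule kinds used in the thread are modelled; names are hypothetical.

def traverse(dport, mangle, nat, filter_input):
    """Return (verdict, destination port as seen by filter INPUT)."""
    pkt = {"dport": dport, "mark": 0}
    for match_port, mark in mangle:        # MARK does not stop traversal
        if pkt["dport"] == match_port:
            pkt["mark"] = mark
    for match_port, to_port in nat:        # REDIRECT: first matching rule wins
        if pkt["dport"] == match_port:
            pkt["dport"] = to_port
            break
    for field, value, verdict in filter_input:
        if pkt[field] == value:
            return verdict, pkt["dport"]
    return "REJECT", pkt["dport"]          # the posted catch-all REJECT rule

ACCEPT_7778 = ("dport", 7778, "ACCEPT")

# Ruleset as first posted: INPUT only ever sees the rewritten port.
ORIGINAL = dict(mangle=[], nat=[(80, 7778)], filter_input=[ACCEPT_7778])
# Daniel's fix: direct 7778 is rewritten to 80, which INPUT does not accept.
SWAP = dict(mangle=[], nat=[(80, 7778), (7778, 80)], filter_input=[ACCEPT_7778])
# Amit's suggestion. Assumption: the mark DROP sits before the 7778 ACCEPT;
# appended with -A after the catch-all REJECT it would never be reached.
MARK = dict(mangle=[(7778, 1)], nat=[(80, 7778)],
            filter_input=[("mark", 1, "DROP"), ACCEPT_7778])

def verdicts(rules):
    """Verdict for a new connection sent to port 80 and to port 7778."""
    return {port: traverse(port, **rules)[0] for port in (80, 7778)}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("swap", SWAP), ("mark", MARK)):
        print(name, verdicts(rules))
```

The first ruleset accepts both ports because the filter table only sees the destination port after the nat rewrite, so it cannot tell a redirected connection from a direct one.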