I have not tested it, but you can probably use mark to accomplish
this. Mark any request coming directly to port 7778, drop
anything with the mark set, and then redirect requests on port 80 to
7778.
Amit K Nepal (CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
Right after I posted, I figured out a solution.
I just added a redirect from 7778 to 80. Since 80 is not active, it drops it.
-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80
Daniel P. Stasinski
On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski <daniel@genericinbox.com> wrote:
On my server, I am redirecting incoming port 80 to port 7778 via iptables, but I'm unsure how to block connections made directly to port 7778 from the outside. I've hit a brick wall in my understanding of pre- and post-routing.
I could use a little wisdom here. Thanks. :)
# /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [15:1051]
:POSTROUTING ACCEPT [63:4394]
:OUTPUT ACCEPT [63:4394]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1661:376223]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
I 💛✞
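As an added example (not code posted by anyone in the thread), here are both approaches written out as complete iptables-restore files, generated by a small POSIX shell script so the two variants can be compared side by side. The port numbers are the thread's; the mark value 0x1, the DROP chain policies and the use of the conntrack match instead of the older state match are my choices. The comments spell out why each variant works: the nat table is consulted only for the first packet of a connection and REDIRECT is a terminating target, so the second REDIRECT from the thread sends direct port-7778 SYNs to port 80, where the filter table rejects them; in the mark variant, mangle/PREROUTING runs before nat/PREROUTING, so a packet is marked while it still carries its original destination port.

```shell
#!/bin/sh
# Added example: complete iptables-restore rulesets for "accept on 80,
# serve on 7778, refuse direct connections to 7778". Not the list
# posters' own files; MARK=0x1, the DROP policies and the conntrack
# match are assumptions of this example.
set -u

PUBLIC_PORT=80      # the port clients are told to use
SERVICE_PORT=7778   # the port the daemon actually listens on
MARK=0x1            # arbitrary fwmark used by the second variant

# Shared filter table. Only NEW connections whose destination port is
# SERVICE_PORT *at INPUT time* are accepted; packets that nat/PREROUTING
# rewrote from 80 to 7778 qualify, nothing else does. An optional first
# rule (used by the mark variant) is inserted before the ESTABLISHED rule.
filter_table() {
  printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
  if [ -n "$1" ]; then echo "$1"; fi
  cat <<EOF
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport $SERVICE_PORT -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Variant 1: the second REDIRECT from the thread. nat sees only the first
# packet of a connection and REDIRECT is terminating, so a SYN to 80
# matches rule 1, becomes dport 7778 and stops; a SYN sent straight to
# 7778 skips rule 1, matches rule 2, becomes dport 80 and is then
# rejected by filter/INPUT, which accepts only 7778. This relies on the
# filter table never accepting port 80.
rules_redirect() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $SERVICE_PORT
-A PREROUTING -p tcp -m tcp --dport $SERVICE_PORT -j REDIRECT --to-ports $PUBLIC_PORT
COMMIT
EOF
  filter_table ""
}

# Variant 2: the fwmark idea from the thread. mangle/PREROUTING runs before
# nat/PREROUTING, so a packet addressed directly to 7778 is marked while it
# still carries that port; a packet that arrived for 80 is not marked and
# only afterwards becomes 7778. filter/INPUT drops marked packets before
# anything else, so a direct connection attempt never gets a reply.
rules_mark() {
  cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport $SERVICE_PORT -j MARK --set-mark $MARK
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $SERVICE_PORT
COMMIT
EOF
  filter_table "-A INPUT -m mark --mark $MARK -j DROP"
}

# Parse-only check with iptables-restore --test when running as root with
# the tool available; otherwise report that the check was skipped.
validate() {
  if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
    "$1" | iptables-restore --test
  else
    echo "skipping iptables-restore --test for $1 (not root or tool missing)"
  fi
}

case "${1:-}" in
  redirect) rules_redirect ;;
  mark)     rules_mark ;;
  check)    validate rules_redirect && validate rules_mark ;;
  *)        echo "usage: $0 {redirect|mark|check}  (redirect to /etc/sysconfig/iptables)" >&2 ;;
esac
```

Run `sh example.sh redirect > /etc/sysconfig/iptables` (or `mark`) and then `sh example.sh check` as root to have iptables-restore parse the result before loading it. One caveat that applies to both variants: nat/PREROUTING and mangle/PREROUTING only see packets arriving on an interface; locally originated connections to 127.0.0.1:7778 go through the OUTPUT chains instead and are let in by the `-i lo -j ACCEPT` rule, which is usually what you want for local health checks. If the goal is simply to refuse anything whose original destination was 7778, the conntrack match also offers `--ctorigdstport`, which avoids the mark bookkeeping; that is a third option of mine, not one raised in the thread.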
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss