{"id":9292,"date":"2022-04-14T04:41:05","date_gmt":"2022-04-14T04:41:05","guid":{"rendered":"https:\/\/cpanelplesk.com\/wp62\/?p=9292"},"modified":"2022-04-14T04:41:05","modified_gmt":"2022-04-14T04:41:05","slug":"how-to-block-all-ports-in-iptables","status":"publish","type":"post","link":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/","title":{"rendered":"How to Block all ports in IPtables"},"content":{"rendered":"

We’ve included an example of one of the most common iptables configurations. Except for particular ports, we will block all connections.<\/span><\/p>\n

To begin, we’ll erase all present iptables rules to eliminate any errors caused by the prior configuration.<\/span><\/p>\n

SSH into your server as root and run the following commands:<\/h4>\n
\n
iptables -t filter -F\u00a0\r\niptables -t filter -X\u00a0<\/span><\/pre>\n<\/div>\n
Now, we will block all traffic:<\/p>\n
\n
iptables -t filter -P INPUT DROP\u00a0\r\niptables -t filter -P FORWARD DROP <\/span>\r\niptables -t filter -P OUTPUT DROP <\/span><\/pre>\n<\/div>\n
We will maintain our existing relationships (you can skip it but we recommend putting these rules in place):<\/p>\n
\n
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\u00a0\r\niptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\u00a0<\/span><\/pre>\n<\/div>\n
Allow loopback connections (this is required in some situations). We propose adding this rule to rule out any potential application difficulties):<\/p>\n
\n
iptables -t filter -A INPUT -i lo -j ACCEPT\u00a0\r\niptables -t filter -A OUTPUT -o lo -j ACCEPT <\/span><\/pre>\n<\/div>\n
We’re now ready to add “acceptable rules” to the mix. We will, for example, enable http traffic:<\/p>\n
\n
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT\r\niptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT<\/span><\/pre>\n<\/div>\n
Don’t forget about SSH as well (in case you use differ ssh port -change it)<\/p>\n
\n
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT\r\niptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT<\/span><\/pre>\n<\/div>\n
You can also open an ssh port for a certain IP address:<\/p>\n
\n
iptables -I INPUT -p tcp -m tcp -s 101.69.69.101 --dport 22 -j ACCEPT\r\niptables -I INPUT -p tcp -m tcp -s 0.0.0.0\/0 --dport 22 -j DROP<\/span><\/pre>\n<\/div>\n
Use the following example if you need to allow a specific port range:<\/p>\n
\n
iptables -t filter -A OUTPUT -p tcp --dport 1024:2000 -j ACCEPT\r\niptables -t filter -A INPUT -p tcp --dport 1024:2000 -j ACCEPT<\/span><\/pre>\n<\/div>\n
Block all UDP except port 53 (DNS):<\/h4>\n
\n
#allow dns requests\u00a0\r\niptables -A OUTPUT -p udp --dport 53 -j ACCEPT<\/span>\r\niptables -A OUTPUT -p udp --dport 53 -j ACCEPT<\/span>\r\n#block all other udp<\/span>\r\niptables -A OUTPUT -p udp -j DROP<\/span>\r\nip6tables -A OUTPUT -p udp -j DROP<\/span><\/pre>\n<\/div>\n
NOTE:<\/strong> The “-d” argument can be used to specify permitted nameservers:<\/p>\n
\n
iptables -A OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT\r\niptables -A OUTPUT -p udp --dport 53 -d 8.8.4.4 -j ACCEPT<\/span><\/pre>\n<\/div>\n
Disable outgoing ping echo request:<\/h4>\n
\n
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP<\/pre>\n<\/div>\n
Disable incoming pings:<\/h4>\n
\n
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT<\/pre>\n<\/div>\n
After you’ve added all of the “allow” rules, save the current iptables configuration to the file:<\/p>\n
\n
iptables-save >\/etc\/sysconfig\/iptables<\/pre>\n<\/div>\n
Restart the service:<\/h4>\n
\n
service iptables restart<\/span><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
We’ve included an example of one of the most common iptables configurations. Except for particular ports, we will block all connections. To begin, we’ll erase all present iptables rules to eliminate any errors caused by the prior configuration. SSH into your server as root and run the following commands: iptables -t filter -F\u00a0 iptables -t […]<\/p>\n
Continue Reading…<\/a><\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9292","post","type-post","status-publish","format-standard","hentry","category-cpanel"],"yoast_head":"\nHow to Block all ports in IPtables - cPanel Plesk<\/title>\n<meta name=\"description\" content=\"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"How to Block all ports in IPtables - cPanel Plesk\" \/>\n<meta name=\"twitter:description\" content=\"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"samama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\"},\"author\":{\"name\":\"samama\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/b5c17eff2915a029433dfd2d5a6e8465\"},\"headline\":\"How to Block all ports in IPtables\",\"datePublished\":\"2022-04-14T04:41:05+00:00\",\"dateModified\":\"2022-04-14T04:41:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\"},\"wordCount\":207,\"publisher\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\"},\"articleSection\":[\"Cpanel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\",\"name\":\"How to Block all ports in IPtables - cPanel Plesk\",\"isPartOf\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#website\"},\"datePublished\":\"2022-04-14T04:41:05+00:00\",\"dateModified\":\"2022-04-14T04:41:05+00:00\",\"description\":\"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.\",\"breadcrumb\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cpanelplesk.com\/wp62\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Block all ports in IPtables\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#website\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/\",\"name\":\"cPanel Plesk\",\"description\":\"Blog on famous hosting control panels\",\"publisher\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cpanelplesk.com\/wp62\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\",\"name\":\"Farooq Omer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png\",\"contentUrl\":\"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png\",\"width\":300,\"height\":44,\"caption\":\"Farooq Omer\"},\"logo\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/b5c17eff2915a029433dfd2d5a6e8465\",\"name\":\"samama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad71c1d187b45a3c1a68698160b5f6d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad71c1d187b45a3c1a68698160b5f6d?s=96&d=mm&r=g\",\"caption\":\"samama\"},\"url\":\"https:\/\/cpanelplesk.com\/wp62\/author\/samama\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Block all ports in IPtables - cPanel Plesk","description":"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/","twitter_card":"summary_large_image","twitter_title":"How to Block all ports in IPtables - cPanel Plesk","twitter_description":"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.","twitter_misc":{"Written by":"samama","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#article","isPartOf":{"@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/"},"author":{"name":"samama","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/b5c17eff2915a029433dfd2d5a6e8465"},"headline":"How to Block all ports in IPtables","datePublished":"2022-04-14T04:41:05+00:00","dateModified":"2022-04-14T04:41:05+00:00","mainEntityOfPage":{"@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/"},"wordCount":207,"publisher":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13"},"articleSection":["Cpanel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/","url":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/","name":"How to Block all ports in IPtables - cPanel Plesk","isPartOf":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#website"},"datePublished":"2022-04-14T04:41:05+00:00","dateModified":"2022-04-14T04:41:05+00:00","description":"the most common iptables configurations. Except for particular ports, we will block all connections.To begin, we'll erase all present iptables rules to eliminate any errors caused by the prior configuration.","breadcrumb":{"@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cpanelplesk.com\/wp62\/how-to-block-all-ports-in-iptables\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cpanelplesk.com\/wp62\/"},{"@type":"ListItem","position":2,"name":"How to Block all ports in IPtables"}]},{"@type":"WebSite","@id":"https:\/\/cpanelplesk.com\/wp62\/#website","url":"https:\/\/cpanelplesk.com\/wp62\/","name":"cPanel Plesk","description":"Blog on famous hosting control panels","publisher":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cpanelplesk.com\/wp62\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13","name":"Farooq Omer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/","url":"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png","contentUrl":"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png","width":300,"height":44,"caption":"Farooq Omer"},"logo":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/"}},{"@type":"Person","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/b5c17eff2915a029433dfd2d5a6e8465","name":"samama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5ad71c1d187b45a3c1a68698160b5f6d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad71c1d187b45a3c1a68698160b5f6d?s=96&d=mm&r=g","caption":"samama"},"url":"https:\/\/cpanelplesk.com\/wp62\/author\/samama\/"}]}},"_links":{"self":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts\/9292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/comments?post=9292"}],"version-history":[{"count":4,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts\/9292\/revisions"}],"predecessor-version":[{"id":9327,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts\/9292\/revisions\/9327"}],"wp:attachment":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/media?parent=9292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/categories?post=9292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/tags?post=9292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}