How to block all ports except ssh

Question

I have changed ssh default port to 2020, And add iptable rule in order to allow incoming traffic on that port using below command.

iptables -A INPUT -p tcp -m tcp --dport 2020 -j ACCEPT

And i would like to block all other ports on the server. And use below command after allowing ssh. All session are closed. How can i fix it.

iptables -P INPUT DROP

iptables -P OUTPUT DROP

oh, sorry you are the original poster, I'll elaborate – Abdul Ahad Jun 07 '18 at 17:39 — Abdul Ahad, Jun 07 '18 at 17:39

Abdul Ahad · Accepted Answer · 2018-06-07T18:14:08.393

4

You may need to enable OUTPUT

    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 2020 -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --sport 2020 -j ACCEPT
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP

edited Jun 07 '18 at 18:14

answered Jun 07 '18 at 17:35

Abdul Ahad

826
8
16

Could you please elaborate it ? – blaCkninJa Jun 07 '18 at 17:37
@blaCkninJa yeah, sure – Abdul Ahad Jun 07 '18 at 17:40
Okay, I will try it later and let you know. – blaCkninJa Jun 07 '18 at 17:52
@blaCkninJa OK, I'm not sure if OUTPUT DROP would cause a problem, you may need an output rule as well – Abdul Ahad Jun 07 '18 at 17:53
Working but what if we also want to allow port 80 for apache server. ? – blaCkninJa Jun 12 '18 at 05:43
@blaCkninJa just duplicate the lines with "2020" with whatever other port you want to allow – Abdul Ahad Jun 12 '18 at 15:23
thanks, I have used following iptables in order to allow incoming port 80 traffic. `iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT` `iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT` – blaCkninJa Jun 13 '18 at 06:04

How to block all ports except ssh

1 Answers1