Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Charles Bell on September 26, 2001, 07:47:05 PM

Title: block outbound ports
Post by: Charles Bell on September 26, 2001, 07:47:05 PM
Hi.  I wish to block certain outbound ports on my server.  Do I just need to add ipchains rules?  If so, what is the general format, and where do I put them?  Thanks.
Title: Re: block outbound ports
Post by: Greg Zartman on September 27, 2001, 09:46:55 AM
Yes, you will need to add an ipchains rule.  At a terminal prompt, input:

ipchains -A output -j DENY -p tcp -s 0.0.0.0/0 -d x.x.x.x/32 p

where:
x.x.x.x = IP address of machine you want to protect
p = port

Nice thing about ipchains is that if you make a mistake and are unsure how to fix it, reboot your machine.  This clears all rules input at the command prompt.

Greg
Title: Re: block outbound ports
Post by: Rangi Biddle on September 30, 2001, 08:21:18 AM
If you do make a mistake, just flushing the rule sets is an easier way than rebooting.

This can be done by typing this at the bash prompt.

ipchains -F input
ipchains -F output

That clears the rulesets and returns them to an ACCEPT all policy.

I am rather experienced in firewalling, so if you need more in-depth help, email me with what you're wanting to do and I'll reply with more info.
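
Added example, not part of any post in this thread: a shell script that builds rules in the same format as the command quoted above for a list of ports, validating each port or port range before emitting a rule. The sample policy, the function names and the APPLY variable are assumptions made for this illustration; by default the script only prints the commands.

```shell
# Added example (not from the thread): build ipchains rules that DENY outbound
# traffic to chosen destination ports. Prints the commands by default; set
# APPLY=1 to run them as root on a host that has ipchains.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_portspec SPEC: accepts one port ("25") or a low:high range ("6000:6010")
valid_portspec() {
    case "$1" in
        *:*) valid_port "${1%%:*}" && valid_port "${1#*:}" &&
             [ "${1%%:*}" -le "${1#*:}" ] ;;
        *)   valid_port "$1" ;;
    esac
}

# build_rule PROTO DEST PORTSPEC: prints one ipchains command, or fails
build_rule() {
    case "$1" in
        tcp|udp) ;;
        *) echo "bad protocol: $1" >&2; return 1 ;;
    esac
    valid_portspec "$3" || { echo "bad port: $3" >&2; return 1; }
    echo "ipchains -A output -j DENY -p $1 -s 0.0.0.0/0 -d $2 $3"
}

# Constructed sample policy (assumption): protocol, destination, port or range.
# 0.0.0.0/0 as destination matches any remote host.
POLICY="tcp 0.0.0.0/0 25
tcp 0.0.0.0/0 6000:6010
udp 0.0.0.0/0 69"

# apply_policy: print (or, with APPLY=1, execute) one rule per policy line
apply_policy() {
    while read -r proto dest ports; do
        rule=$(build_rule "$proto" "$dest" "$ports") || return 1
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done <<EOF
$POLICY
EOF
}

apply_policy
```

Reviewing the printed commands before setting APPLY=1 catches a mistyped port before it reaches the output chain; ipchains -L output -n lists what is currently loaded.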