
Re: Iptables Help



* GBV (guilherme@plannercorretora.com.br) [030213 10:08]:
> I have a webserver on port 3321
> how can I use iptables to deny (drop) all packages coming from internet??

iptables -P INPUT DROP

will drop all incoming packets, period.

> 
> my inet interface is eth0

iptables -A INPUT -j DROP -i eth0

will drop all packets inbound from eth0.

> 
> something like
> 
> Deny any request coming from eth0, destined to this host on port 3321

iptables -A INPUT -j DROP -i eth0 -d $EXT_IP -p tcp --destination-port 3321

Given examples like this, it seems like it would be easy to write a
natural-language-to-iptables parser ;-)

Seriously, though, I highly recommend _reading_ and _understanding_ the
netfilter documentation:

http://netfilter.samba.org/

Having a poorly-configured firewall is arguably worse than no firewall
at all, for the false sense of security you get with the former.  It is
a worthwhile exercise to sit down and determine your needs in terms of
security and access.  Then, if you understand how to use your tools, it
should be easy to implement a plan that will meet your needs.

good times,
Vineet


-- 
http://www.doorstop.net/
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."  --Benjamin Franklin
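
A check to go with the commands in the message above, as an added example that is not part of the original post: because -A appends and the first matching rule decides, a DROP appended after an earlier ACCEPT for the same port never fires. The script reads iptables-save text and reports what happens to a packet; the function names, the sample rulesets and 192.0.2.10 (standing in for $EXT_IP) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads iptables-save text; it never touches the live firewall.
# Understood options: -i, -p, -d, -m tcp/udp, --dport/--destination-port, -j.
# Anything else on a rule that could still match yields REVIEW (check by hand).

# verdict IFACE PROTO PORT  (ruleset on stdin) -> ACCEPT, DROP, REJECT or REVIEW
verdict() {
    awk -v ifc="$1" -v proto="$2" -v port="$3" '
    $1 == ":INPUT" { policy = $2; next }       # e.g. ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == "INPUT" {
        hit = 1; target = ""
        for (i = 3; i <= NF; i += 2) {          # options come as "flag value" pairs
            opt = $i; val = $(i + 1)
            if (opt == "-i") { if (val != ifc) hit = 0 }
            else if (opt == "-p") { if (val != proto) hit = 0 }
            else if (opt == "--dport" || opt == "--destination-port") { if (val != port) hit = 0 }
            else if (opt == "-d") { }           # assumed to be this host
            else if (opt == "-m" && (val == "tcp" || val == "udp")) { }
            else if (opt == "-j") { target = val }
            else { if (hit) target = "REVIEW"; break }
        }
        if (!hit) next                          # rule cannot match this packet
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") target = "REVIEW"
        print target; found = 1; exit           # first matching rule decides
    }
    END { if (!found) print (policy ? policy : "REVIEW") }'
}

# Constructed iptables-save samples (not captured from a real host).
DROP_RULE='-A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 3321 -j DROP'
ONLY_DROP=":INPUT ACCEPT [0:0]
$DROP_RULE"
SHADOWED=":INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3321 -j ACCEPT
$DROP_RULE"
STATEFUL=":INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
$DROP_RULE"

# check RULESET: verdict for TCP port 3321 arriving on eth0
check() { printf '%s\n' "$1" | verdict eth0 tcp 3321; }

echo "only-drop: $(check "$ONLY_DROP")"
echo "shadowed:  $(check "$SHADOWED")"
echo "stateful:  $(check "$STATEFUL")"
```

To audit a real host, pipe its saved rules in instead: `iptables-save | verdict eth0 tcp 3321`.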
