Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables to block port 25 only to a certain range
Top Forums UNIX for Dummies Questions & Answers iptables to block port 25 only to a certain range Post 302897064 by holyearth on Thursday 10th of April 2014 05:30:39 PM
Old 04-10-2014
iptables to block port 25 only to a certain range
I want to limit all *outbound* traffic on eth0 (or all *.*) on port 25 to a specific (allowed) range...

I.E.
192.168.1.5 (local ip) tries to connect to 1.2.3.4:25 (outside real world ip)

It can proceed because 1.2.3.0/24 is the allowed range

Now, 192.168.1.5 (local ip) tries to connect to 2.3.4.5:25 it is not allowed (drop?) because 2.3.4.5 is not part of the 1.2.3.0/24

Thanks for the help I could not find a way to do this:

This did not work:
iptables -A OUTPUT -o eth0 -p tcp -d 1.2.3.0/24 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT


Thanks!
 

10 More Discussions You Might Find Interesting

1. IP Networking

How to know port is block..

My server is running on a port 16386, in the case when this port is blocked by some other application ( anti virus etc. ) or firewall then how do i know it's block? Is bind will return any specific error in this case. I have to know is it blocked or not? (2 Replies)
Discussion started by: Saurabh78
2 Replies

2. IP Networking

How to block a port

Hi, i faced a problem, where i have to block a port, therefore nobody used it, evenwith SO_REUSEADDR flag. How can i achive it. (4 Replies)
Discussion started by: Saurabh78
4 Replies

3. AIX

TCP/UDP port range for default AIX NFS?

May I know what is the TCP/UCP port range for any default AIX NFS? Based on rpcinfo -p, I got the following output: program vers proto port service 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100000 4 ... (4 Replies)
Discussion started by: famasutika
4 Replies

4. UNIX for Advanced & Expert Users

Ip And Port Divertion Through Iptables

Hi To All, I want to Route my web application to Mysql Database through a proxy server.so for this which approach should i use 1)iptables 2)squid if Iptables how can i make this worked .this is the ip network i'm having web application---------Proxy server-----------------Mysql Database... (0 Replies)
Discussion started by: kgrvamsi
0 Replies

5. Shell Programming and Scripting

Block local and remote port with iptables - Script BASH

Hello I'm beginner in the linux scripting and i would like to get help. I want to create a script that can block one or more Port even see all the TCP port. The ports must be blocked even when starting my machine. Of course requires a second script which will allow the ports that you want to... (0 Replies)
Discussion started by: houstaf
0 Replies

6. AIX

Allow port range using IPsec?

Hi Guys, Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port? I'm sure it must be possible but I am unable to find the syntax. Thanks Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies

7. Red Hat

Which is the effective ephemeral port range in Linux 2.6 for this set up?

In my Linux system ephemeral port range is showing different ranges as follows $ cat /proc/sys/net/ipv4/ip_local_port_range 32768 61000  cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range net.ipv4.ip_local_port_range = 9000 65500 Which will be the effective ephemeral port... (5 Replies)
Discussion started by: steephen
5 Replies

8. Red Hat

iptables help for port 80

Hi I enable the IPtables but port 80 was not working. Below is my active configuration (10 Replies)
Discussion started by: ranjancom2000
10 Replies

9. AIX

Forcing named 9 to use a fixed ephemeral port range

I'll start with I'm not an AIX expert, I inherited a lot of AIX servers to maintain. My problem is on AIX 7.1 TL4 SP4 environments. I'm running named as a DNS forwarder only to internal DNS servers. These AIX servers have a customized UDP ephemeral port range to avoid conflicting with the... (0 Replies)
Discussion started by: seanc
0 Replies

10. UNIX for Beginners Questions & Answers

Bash script, find the next closed (not in use) port from some port range.

hi, i would like to create a bash script that check which port in my Linux server are closed (not in use) from a specific range, port range (3000-3010). the print output need to be only 1 port, and it will be nice if the output will be saved as a variable or in same file. my code is: ... (2 Replies)
Discussion started by: yossi
2 Replies

LEARN ABOUT DEBIAN

shorewall-exclusion

SHOREWALL-EXCLUSION(5)						  [FIXME: manual]					    SHOREWALL-EXCLUSION(5)

NAME

       exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.

SYNOPSIS

       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION

       The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
       a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
       CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
       form lowaddress-highaddress

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
       /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

	   Warning
	   If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
	   rule generated for a parent zone.

	   For example:

	   /etc/shorewall/zones:

	       #ZONE	      TYPE
	       z1	      ip
	       z2:z1	      ip
	       ...

	   /etc/shorewall/policy:

	       #SOURCE	       DEST	     POLICY
	       z1	       net	     CONTINUE
	       z2	       net	     REJECT

	   /etc/shorewall/rules:

	       #ACTION	       SOURCE	     DEST	 PROTO	       DEST
	       #						       PORT(S)
	       ACCEPT	       all!z2	     net	 tcp	       22

	   In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

       In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
       be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:

       o   !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
	   match set1 OR NOT match set2 ... OR NOT match setN.

       o   +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
	   AND NOT match set2 ... AND NOT match setN.

EXAMPLES

       Example 1 - All IPv4 addresses except 192.168.3.4
	   !192.168.3.4

       Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
	   !192.168.1.0/24,10.1.3.4

       Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
	   !192.168.1.3-192.168.1.12,10.0.0.0/8

       Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
	   192.168.1.0/24!192.168.1.3,192.168.1.9

       Example 5 - All parent zones except loc
	   any!loc

FILES

       /etc/shorewall/hosts

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/tcrules

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

	1. shorewall-ipsets
	   http://www.shorewall.net/manpages/shorewall-ipsets.html

[FIXME: source] 						    06/28/2012						    SHOREWALL-EXCLUSION(5)
All times are GMT -4. The time now is 09:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy