Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables to block port 25 only to a certain range
Top Forums UNIX for Dummies Questions & Answers iptables to block port 25 only to a certain range Post 302897083 by Smiling Dragon on Thursday 10th of April 2014 10:35:42 PM
Old 04-10-2014
You just need to do the drop on all other port 25 outbound, also the NEW,ESTABLISHED thing doesn't really help you here as you want all types to work.
Code:
iptables -A OUTPUT -o eth0 -p tcp -d 1.2.3.0/24 --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 25 -j DROP

I'd also suggest you leave off the -o eth0 too as you are trying to prevent outbound traffic in general, regardless of it's routing.

edit: According to the iptables help, you can actually specify negation - ie:
Code:
iptables -A OUTPUT -p tcp \! -d 1.2.3.0/24 --dport 25 -j DROP

Never tried this myself though so YMMV
 

10 More Discussions You Might Find Interesting

1. IP Networking

How to know port is block..

My server is running on a port 16386, in the case when this port is blocked by some other application ( anti virus etc. ) or firewall then how do i know it's block? Is bind will return any specific error in this case. I have to know is it blocked or not? (2 Replies)
Discussion started by: Saurabh78
2 Replies

2. IP Networking

How to block a port

Hi, i faced a problem, where i have to block a port, therefore nobody used it, evenwith SO_REUSEADDR flag. How can i achive it. (4 Replies)
Discussion started by: Saurabh78
4 Replies

3. AIX

TCP/UDP port range for default AIX NFS?

May I know what is the TCP/UCP port range for any default AIX NFS? Based on rpcinfo -p, I got the following output: program vers proto port service 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100000 4 ... (4 Replies)
Discussion started by: famasutika
4 Replies

4. UNIX for Advanced & Expert Users

Ip And Port Divertion Through Iptables

Hi To All, I want to Route my web application to Mysql Database through a proxy server.so for this which approach should i use 1)iptables 2)squid if Iptables how can i make this worked .this is the ip network i'm having web application---------Proxy server-----------------Mysql Database... (0 Replies)
Discussion started by: kgrvamsi
0 Replies

5. Shell Programming and Scripting

Block local and remote port with iptables - Script BASH

Hello I'm beginner in the linux scripting and i would like to get help. I want to create a script that can block one or more Port even see all the TCP port. The ports must be blocked even when starting my machine. Of course requires a second script which will allow the ports that you want to... (0 Replies)
Discussion started by: houstaf
0 Replies

6. AIX

Allow port range using IPsec?

Hi Guys, Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port? I'm sure it must be possible but I am unable to find the syntax. Thanks Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies

7. Red Hat

Which is the effective ephemeral port range in Linux 2.6 for this set up?

In my Linux system ephemeral port range is showing different ranges as follows $ cat /proc/sys/net/ipv4/ip_local_port_range 32768 61000  cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range net.ipv4.ip_local_port_range = 9000 65500 Which will be the effective ephemeral port... (5 Replies)
Discussion started by: steephen
5 Replies

8. Red Hat

iptables help for port 80

Hi I enable the IPtables but port 80 was not working. Below is my active configuration (10 Replies)
Discussion started by: ranjancom2000
10 Replies

9. AIX

Forcing named 9 to use a fixed ephemeral port range

I'll start with I'm not an AIX expert, I inherited a lot of AIX servers to maintain. My problem is on AIX 7.1 TL4 SP4 environments. I'm running named as a DNS forwarder only to internal DNS servers. These AIX servers have a customized UDP ephemeral port range to avoid conflicting with the... (0 Replies)
Discussion started by: seanc
0 Replies

10. UNIX for Beginners Questions & Answers

Bash script, find the next closed (not in use) port from some port range.

hi, i would like to create a bash script that check which port in my Linux server are closed (not in use) from a specific range, port range (3000-3010). the print output need to be only 1 port, and it will be nice if the output will be saved as a variable or in same file. my code is: ... (2 Replies)
Discussion started by: yossi
2 Replies

LEARN ABOUT DEBIAN

rlm_ippool_tool

RLM_IPPOOL_TOOL(8)					      System Manager's Manual						RLM_IPPOOL_TOOL(8)

NAME

       rlm_ippool_tool - dump the contents of the FreeRadius ippool database files

SYNOPSIS

       If an ipaddress is specified then that address is used to limit the actions or output.

       rlm_ippool_tool [-a] [-c] [-o] [-v] session-db index-db [ipaddress]

       Mark the entry nasIP/nasPort as having ipaddress

       rlm_ippool_tool -n session-db index-db ipaddress nasIP nasPort

       Update old format database to new.

       rlm_ippool_tool -u session-db new-session-db

DESCRIPTION

       rlm_ippool_tool dumps the contents of the FreeRADIUS ippool databases for analyses or for removal of active (stuck?) entries.

       Or with the -n argument adds a usage entry to the FreeRADIUS ippool databases.

OPTIONS

       -a     Print all active entries.

       -c     Report number of active entries.

       -r     Remove active entries.

       -v     Verbose report of all entries.

       -o     Assume old database format (nas/port pair, not md5 output).

       -n     Mark the entry nasIP/nasPort as having ipaddress.

       -u     Update old format database to new.

EXAMPLES

       Given the syntax in the FreeRadius radiusd.conf:

	       ippool myippool {
		   range-start = 192.168.1.0
		   range-stop = 192.168.1.255
		   [...]
		   session-db = ${raddbdir}/ip-pool.db
		   ip-index = ${raddbdir}/ip-index.db
	       }

       To see the number of active entries in this pool, use:

	       $ rlm_ippool_tool -c ip-pool.db ip-index.db
	       13

       To see all active entries in this pool, use:

	       $ rlm_ippool_tool -a ip-pool.db ip-index.db
	       192.168.1.5
	       192.168.1.82
	       192.168.1.244
	       192.168.1.57
	       192.168.1.120
	       192.168.1.27
	       [...]

       To see all information about the active entries in the use, use:

	       $ rlm_ippool_tool -av ip-pool.db ip-index.db
	       NAS:172.16.1.1 port:0x2e8 - ipaddr:192.168.1.5 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x17c - ipaddr:192.168.1.82 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x106 - ipaddr:192.168.1.244 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x157 - ipaddr:192.168.1.57 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x2d8 - ipaddr:192.168.1.120 active:1 cli:0 num:1
	       NAS:172.16.1.1 port:0x162 - ipaddr:192.168.1.27 active:1 cli:0 num:1
	       [...]

       To see only information of one entry, use:

	       $ rlm_ippool_tool -v ip-pool.db ip-index.db 192.168.1.1
	       NAS:172.16.1.1 port:0x90 - ipaddr:192.168.1.1 active:0 cli:0 num:0

       To add an IP address usage entry, use:

	       $ rlm_ippool_tool -n ip-pool.db ip-index.db 192.168.1.1 172.16.1.1 0x90
	       rlm_ippool_tool: Allocating ip to nas/port: 172.16.1.1/144
	       rlm_ippool_tool: num: 1
	       rlm_ippool_tool: Allocated ip 192.168.1.1 to client on nas 172.16.1.1,port 144

SEE ALSO

       radiusd(8)

AUTHORS

       Currently   part   of   the   FreeRADIUS   Project   (http://www.freeradius.org)   Originally   by   Edwin   Groothuis,	 edwin@mavetju.org
       (http://www.mavetju.org)

       Mailing list details are at http://www.freeradius.org/

																RLM_IPPOOL_TOOL(8)
All times are GMT -4. The time now is 06:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy