This is what I recall as a best practice; ideally you want to drop anything you are not using.

/sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP

On Sep 17, 2017 9:53 PM, "Amit Nepal" <[email protected]> wrote:

> I have not tested but you can probably use mark to accomplish this. Mark
> any request coming directly to port 7778, drop anything with mark set and
> then redirect request on port 80 to 7778.
>
> iptables -t mangle -A PREROUTING -p tcp --dport 7778 -j MARK --set-mark 1
> iptables -A INPUT -m mark --mark 1 -j DROP
> iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
>
> Thank You
>
> Amit K Nepal
> (CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
>
> On 9/17/2017 8:58 PM, Daniel Stasinski wrote:
>
> Right after I posted, I figured out a solution.
>
> I just added redirect from 7778 to 80. Since 80 is not active, it drops it.
>
> -A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80
>
> *Daniel P. Stasinski*
> [email protected]
> I 💛✞
>
> On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski <[email protected]> wrote:
>
>> On my server, I am redirecting incoming port 80 to port 7778 via
>> iptables, but I'm unsure how to block connects directly to port 7778 from
>> the outside. I've hit a brick wall in my understanding of pre and post
>> routing.
>>
>> I could use a little wisdom here. Thanks. :)
>>
>> #/etc/sysconfig/iptables
>> *nat
>> :PREROUTING ACCEPT [15:1051]
>> :POSTROUTING ACCEPT [63:4394]
>> :OUTPUT ACCEPT [63:4394]
>> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
>> COMMIT
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [1661:376223]
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>>
>> *Daniel P. Stasinski*
>> [email protected]
>> I 💛✞
>
> ---------------------------------------------------
> PLUG-discuss mailing list - [email protected]
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
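Added example, not written by anyone in the thread: a simplified Python model of the order in which a new inbound TCP packet crosses mangle PREROUTING, nat PREROUTING and filter INPUT, applied to the posted rule set and the two fixes proposed above. The `traverse` function and the dictionary layout are illustrative assumptions, and the mark variant assumes the DROP rule is placed ahead of the port 7778 ACCEPT rule.

```python
# Simplified model (added example) of the path a NEW inbound TCP packet takes:
# mangle PREROUTING -> nat PREROUTING -> filter INPUT. Only --dport matches,
# MARK, REDIRECT and final verdicts are modelled.

def traverse(rules, dport):
    """Return (verdict, final_dport) for a new connection from outside."""
    pkt = {"dport": dport, "mark": 0}
    for match_port, mark in rules.get("mangle_prerouting", []):
        if pkt["dport"] == match_port:
            pkt["mark"] = mark           # MARK does not end traversal
    for match_port, to_port in rules["nat_prerouting"]:
        if pkt["dport"] == match_port:
            pkt["dport"] = to_port       # REDIRECT: first matching rule wins
            break
    for field, value, verdict in rules["filter_input"]:
        if field is None or pkt[field] == value:
            return verdict, pkt["dport"]
    return "ACCEPT", pkt["dport"]        # INPUT policy in the posted file

# filter INPUT from the posted /etc/sysconfig/iptables, reduced to what
# matters for a new TCP connection from outside.
POSTED_INPUT = [("dport", 7778, "ACCEPT"), (None, None, "REJECT")]

ORIGINAL = {"nat_prerouting": [(80, 7778)], "filter_input": POSTED_INPUT}

# Redirect 7778 back to 80, where nothing is accepted.
REDIRECT_BACK = {"nat_prerouting": [(80, 7778), (7778, 80)],
                 "filter_input": POSTED_INPUT}

# Mark direct hits on 7778 before NAT rewrites anything. Assumption: the
# mark DROP sits ahead of the 7778 ACCEPT; appended with -A after the final
# REJECT it would never be reached.
MARK_DROP = {"mangle_prerouting": [(7778, 1)],
             "nat_prerouting": [(80, 7778)],
             "filter_input": [("mark", 1, "DROP")] + POSTED_INPUT}

def compare():
    """Verdicts for outside connections to ports 80 and 7778, per rule set."""
    sets = {"original": ORIGINAL, "redirect_back": REDIRECT_BACK,
            "mark_drop": MARK_DROP}
    return {name: {p: traverse(r, p) for p in (80, 7778)}
            for name, r in sets.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

In the model, filter INPUT only ever sees the rewritten port, which is why a plain `--dport 7778` match there cannot tell redirected traffic from direct traffic.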
