How to block multiple ports in iptables, ipset?

Discussion in 'Linux Security' started by postcd, Jan 15, 2018.

  1. postcd

    postcd New Member

    Joined:
    Jul 8, 2017
    Messages:
    17
    Likes Received:
    1
    Hello,

    On CentOS 6, iptables 1.4.7,

    I can use a rule to block IPs in my IPSet from accessing one port, for example SSH:

    Code:
    -A INPUT -p tcp --dport 22 -m set --match-set blocklist src -j DROP
    (note that this is not an iptables command but a line from a save file, "iptables-save > output")

    But how do I block multiple ports, for example 21,22,25?

    I tried --dports 21,22,25, but iptables did not want to import it, saying: iptables-restore v1.4.7: unknown option `--dports'
     
  2. Lazydog

    Lazydog Member

    Joined:
    Jul 27, 2017
    Messages:
    49
    Likes Received:
    48
    To block multiple ports with IPTABLES you need something like this:

    Code:
    iptables -A INPUT -p tcp -m multiport --destination-port 22,53,80,110
     
  3. postcd

    Thank you for the help. It seems that it worked.

    Code:
    -A INPUT -p tcp -m multiport --destination-port 21,22 -m set --match-set blocklist src -j DROP
     
  4. Lazydog

    Glad I could help.
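
An added example, not part of any post above: a shell function that writes rules in the save-file format used in this thread. It uses `--dports`, which belongs to the multiport match and is only recognized after `-m multiport`, and it splits long lists because multiport takes at most 15 ports per rule. The function names `gen_rules` and `rule_line` are hypothetical, only single ports (no ranges) are accepted, and `blocklist` is the set name from the thread.

```shell
#!/bin/sh
# Added example: build iptables-save style lines that drop traffic from an
# ipset to a list of destination ports, split at the multiport limit.

MAX_PORTS=15   # multiport accepts at most 15 ports per rule

# rule_line SETNAME PROTO PORTLIST -> one save-file line (no trailing newline)
rule_line() {
    printf '%s' "-A INPUT -p $2 -m multiport --dports $3 -m set --match-set $1 src -j DROP"
}

# gen_rules SETNAME PROTO PORTS   (PORTS is comma-separated, e.g. 21,22,25)
# Validates every field first, so nothing is printed for a bad list.
gen_rules() {
    set_name=$1; proto=$2; ports=$3
    case $set_name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid set name: '$set_name'" >&2; return 1 ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: '$proto'" >&2; return 1 ;;
    esac
    out=""; chunk=""; count=0
    old_ifs=$IFS; IFS=,
    set -f; set -- $ports; set +f   # split on commas without globbing
    IFS=$old_ifs
    [ $# -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "invalid port: '$p'" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
        if [ "$count" -eq "$MAX_PORTS" ]; then
            # Current rule is full: store it and start a new one.
            out="$out$(rule_line "$set_name" "$proto" "$chunk")
"
            chunk=""; count=0
        fi
        chunk="${chunk:+$chunk,}$p"
        count=$((count + 1))
    done
    printf '%s%s\n' "$out" "$(rule_line "$set_name" "$proto" "$chunk")"
}

# Constructed sample input: the ports asked about in the first post.
gen_rules blocklist tcp 21,22,25
```

The printed lines belong in the `*filter` section of the save file, before its `COMMIT` line, and are loaded with `iptables-restore`.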
     