Enable iptables on one interface

Solution 1:

So for all interfaces but one you want to accept all traffic, and on eth0 you want to drop all incoming traffic except ftp and ssh.

First, we could set a policy of accepting all traffic by default.

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Then, we could reset your firewall rules.

iptables -F

Now we could say that we want to allow incoming traffic on eth0 that is a part of a connection we already allowed.

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Also that we want to allow incoming ssh connections on eth0.

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

But that anything else incoming on eth0 should be dropped.

iptables -A INPUT -i eth0 -j DROP

For slightly more depth see this CentOS wiki entry.

FTP is trickier than ssh since it can use a random port, so see this previous question.
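
A single script built from the steps above, added here as an example and not part of any answer on this page; it assumes the interface is eth0 and adds the FTP control port plus the conntrack FTP helper (a CT rule in the raw table) so passive FTP data connections are classified RELATED and pass the stateful rule:

```shell
#!/bin/sh
# Added example, not from the original answers: builds the ordered INPUT
# ruleset for one interface and adds the FTP helper the answer leaves open.
# Assumptions: the interface is eth0 and the kernel ships nf_conntrack_ftp.

IFACE="${IFACE:-eth0}"

# Emit the commands in the order they must be applied. iptables walks a chain
# top to bottom and stops at the first match, so the stateful ACCEPT comes
# first and the interface-wide DROP must be the last rule on the chain.
# The raw PREROUTING flush assumes a fresh setup, like the -F in the answer.
build_rules() {
    cat <<EOF
modprobe nf_conntrack_ftp
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F INPUT
iptables -t raw -F PREROUTING
iptables -t raw -A PREROUTING -i $IFACE -p tcp --dport 21 -j CT --helper ftp
iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i $IFACE -j DROP
EOF
}

# Number of commands build_rules emits; a quick sanity check before applying.
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# The final INPUT rule, which must be the catch-all DROP for the interface.
last_rule() {
    build_rules | tail -n 1
}

# Apply only when explicitly asked (as root); otherwise print the plan.
if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh -e
    iptables -L INPUT -v -n --line-numbers
else
    build_rules
fi
```

Run it with no environment set to review the plan; APPLY=1 executes it as root and lists the resulting INPUT chain with line numbers so the DROP can be confirmed as the last rule.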

Solution 2:

Something like this should do the job:

iptables -A INPUT -i eth1 -p all -j DROP
iptables -A INPUT -i eth0 -p all -j ACCEPT

Solution 3:

It is very simple: when you make an iptables rule, you have to specify the interface. The option to specify the LAN card on which iptables should work is -i.

The following rules can give you a good example:

iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
# rejects every other TCP packet arriving on eth0 (tcp-reset only applies to TCP)
iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset

The last rule rejects any other packet that does not match the first two rules. All rules in iptables are evaluated in the given order, so the rule to reject packets is always the last one.

Solution 4:

The option to specify an interface in your iptables rule is -i, e.g.: -i eth0.

Tags:

Iptables