IPTables only allow localhost access
Solution 1:
If by service you mean a specific port, then the following two lines should work. Change the "25" to whatever port you're trying to restrict.
iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT   # accept connections whose source is the loopback address
iptables -A INPUT -p tcp --dport 25 -j DROP                  # drop everything else to that port (must come after the ACCEPT)
Solution 2:
I'd recommend:
iptables -A INPUT -i lo -p tcp --dport $APP_PORT -j ACCEPT   # accept anything arriving on the loopback interface
iptables -A INPUT -p tcp --dport $APP_PORT -j DROP           # drop the port for every other interface
Because self-addressed packets do not necessarily have 127.0.0.1 as their source, but they all 'enter' through the lo interface.
Now, if you really want to understand iptables, the first thing you should do is to download and print good diagrams explaining the relations of the netfilter tables. Here are two great ones:
- http://en.m.wikipedia.org/wiki?search=iptables - very complex, but the reference
- http://vinojdavis.blogspot.com/2010/04/packet-flow-diagrams.html - the upper diagram is much more understandable, though not as complete
Finally, read a lot of iptables HOWTOs. The practical examples would help you get up to speed real quick :)
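The two answers above both rely on the ACCEPT rule being inserted before the DROP rule, and re-running the commands by hand appends duplicate rules. The script below is an added example (not from either answer) that applies Solution 2's interface-based variant idempotently: it checks with `iptables -C` before appending, validates the port argument, and lists the resulting rules. It assumes root privileges and an `iptables` binary; the `IPTABLES` variable that lets you point it at a different command is an assumption of this example, not an iptables feature.

```shell
#!/bin/sh
# Restrict a TCP port so only loopback-originated traffic can reach it.
# Assumption (this example only): IPTABLES may be overridden to run a
# different command, e.g. for a dry run; it defaults to the real binary.
IPTABLES="${IPTABLES:-iptables}"

# rule_exists RULE...: succeed if RULE is already present in the INPUT chain.
rule_exists() {
    "$IPTABLES" -C INPUT "$@" 2>/dev/null
}

# add_rule_once RULE...: append RULE to INPUT unless it is already there,
# so re-running the script does not pile up duplicate rules.
add_rule_once() {
    if rule_exists "$@"; then
        return 0
    fi
    "$IPTABLES" -A INPUT "$@"
}

# restrict_to_loopback PORT: accept PORT on the lo interface, drop it elsewhere.
# The ACCEPT is added first because iptables evaluates INPUT top to bottom;
# matching on -i lo (not -s 127.0.0.1) also covers self-addressed packets
# that carry a non-loopback source address.
restrict_to_loopback() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 2 ;;
    esac
    add_rule_once -i lo -p tcp --dport "$port" -j ACCEPT || return 1
    add_rule_once -p tcp --dport "$port" -j DROP || return 1
}

# show_port_rules PORT: print the INPUT rules that mention PORT, for checking
# that ACCEPT precedes DROP after the script has run.
show_port_rules() {
    "$IPTABLES" -S INPUT | grep -- "--dport $1 "
}

# Usage: sh restrict.sh apply 25
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    restrict_to_loopback "$2" && show_port_rules "$2"
fi
```

Note that this only covers IPv4; if the service also listens on ::1 the same two rules are needed with `ip6tables`, and `-i lo` is again the right match there.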