Recipe 2.6 Blocking Incoming Service Requests

2.6.1 Problem

You want to block connections to a particular network service, for example, HTTP.

2.6.2 Solution

To block all incoming HTTP traffic:

For iptables:

# iptables -A INPUT -p tcp --dport www -j REJECT

For ipchains:

# ipchains -A input -p tcp --dport www -j REJECT

To block incoming HTTP traffic but permit local HTTP traffic:

For iptables:

# iptables -A INPUT -p tcp -i lo --dport www -j ACCEPT
# iptables -A INPUT -p tcp --dport www -j REJECT

For ipchains:

# ipchains -A input -p tcp -i lo --dport www -j ACCEPT
# ipchains -A input -p tcp --dport www -j REJECT

2.6.3 Discussion

You can also block access at other levels such as TCP-wrappers. [Recipe 3.9][Recipe 3.11]

2.6.4 See Also

iptables(8), ipchains(8).