CentOS / RHEL : How to block incoming and outgoing ports using iptables

by admin

It is always recommended to stop the services and block the ports that are not required. Keeping unneeded ports open increases the attack surface of the system. Depending on the requirement, you can block both incoming and outgoing traffic on a specific port.

Block Incoming Port

The syntax to block an incoming port using iptables is as follows. This applies to all interfaces globally. Note that -A appends the rule to the end of the chain and rules are evaluated in order, so an earlier ACCEPT rule for the same port would take precedence; verify the resulting order with "iptables -L INPUT -n --line-numbers".

# iptables -A INPUT -p tcp --destination-port [port number] -j DROP

To block the port only on a specific interface use the -i option.

# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -j DROP

To block the port only for a given IP or subnet, use the -s option to specify the source IP address or subnet.

# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -s [ip address] -j DROP
# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -s [ip subnet] -j DROP

For example:

To block port 21 (to block FTP), use the command below:

# iptables -A INPUT -p tcp --destination-port 21 -j DROP

Save the iptables rules so that they persist across reboots.

# service iptables save

To block port 21 for a specific IP address (e.g. 10.10.10.10) on interface eth1, use the command:

# iptables -A INPUT -p tcp -i eth1 -s 10.10.10.10 --destination-port 21 -j DROP

Be careful with negation: the inverted match "! -s 10.10.10.10" drops port 21 traffic from every address except 10.10.10.10, which is the opposite effect.

Save the iptables rules so that they persist across reboots.

# service iptables save

Block Outgoing Port

The syntax to block an outgoing port using iptables is as follows. This applies to all the interfaces globally.

# iptables -A OUTPUT -p tcp --destination-port [port number] -j DROP

To block the port only on a specific interface, use the -o option (the OUTPUT chain matches on the outgoing interface; -i is not accepted there).

# iptables -A OUTPUT -o [interface name] -p tcp --destination-port [port number] -j DROP

To block the port only for a given IP or subnet, use the -s option to specify the IP address or subnet. On the OUTPUT chain -s matches the local source address; to restrict the rule to a remote destination address instead, use -d.

# iptables -A OUTPUT -o [interface name] -p tcp --destination-port [port number] -s [ip address] -j DROP
# iptables -A OUTPUT -o [interface name] -p tcp --destination-port [port number] -s [ip subnet] -j DROP

For example:

To block outgoing port 25, use the command below.

# iptables -A OUTPUT -p tcp --destination-port 25 -j DROP

Save the iptables rules so that they persist across reboots.

# service iptables save

To block port 25 only for the destination IP address 10.10.10.10, use the command:

# iptables -A OUTPUT -p tcp -d 10.10.10.10 --destination-port 25 -j DROP

Save the iptables rules so that they persist across reboots.

# service iptables save
