• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to block incoming and outgoing ports using iptables

by admin

It is always recommended to stop the services and block the ports which are not required. Keeping unwanted ports open, may cause vulnerability to the system. Depending on the requirement you can block both the incoming and outgoing traffic on a specific port.

Block Incoming Port

The syntax to block an incoming port using iptables is as follows. This applies to all the interfaces globally.

# iptables -A INPUT -p tcp --destination-port [port number] -j DROP

To block the port only on a specific interface use the -i option.

# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -j DROP

To block port only for given IP or Subnet use the -s option to specify the subnet or IP addess.

# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -s [ip address] -j DROP
# iptables -A INPUT -i [interface name] -p tcp --destination-port [port number] -s [ip subnet] -j DROP

For example:

To block port 21 (to block FTP), use the command below:

# iptables -A INPUT -p tcp --destination-port 21 -j DROP

Save the iptables for rules to be persistent across reboots.

# service iptables save

To block port 21 for a specific IP address (e.g. 10.10.10.10) on interface eth1 use the command :

# iptables -A INPUT -p tcp -i eth1 -s ! 10.10.10.10 --destination-port 21 -j DROP

Save the iptables for rules to be persistent across reboots.

# service iptables save

Block Outgoing Port

The syntax to block an outgoing port using iptables is as follows. This applies to all the interfaces globally.

# iptables -A OUTPUT -p tcp --destination-port [port number] -j DROP

To block the port only on a specific interface use the -i option.

# iptables -A OUTPUT -i [interface name] -p tcp --destination-port [port number] -j DROP

To block port only for given IP or Subnet use the -s option to specify the subnet or IP addess.

# iptables -A OUTPUT -i [interface name] -p tcp --destination-port [port number] -s [ip address] -j DROP
# iptables -A OUTPUT -i [interface name] -p tcp --destination-port [port number] -s [ip subnet] -j DROP

For example:

To block outgoing port # 25, use the below command.

# iptables -A OUTPUT -p tcp --destination-port 25 -j DROP

Save the iptables for rules to be persistent across reboots.

# service iptables save

To block port # 25 only for ip address 10.10.10.10 use the command :

# iptables -A OUTPUT -p tcp -d 10.10.10.10 --destination-port 25 -j DROP

Save the iptables for rules to be persistent across reboots.

# service iptables save

Filed Under: Linux

Some more articles you might also be interested in …

  1. e2undo: command not found
  2. cpuid Command Examples in Linux
  3. How to make ethtool settings persistent across reboots in CentOS / RHEL 6,7
  4. ark: command not found
  5. chsh Command Examples in Linux
  6. CentOS / RHEL 5 : How to rebuild Initial Ramdisk Image
  7. lvdisplay Command Examples in Linux
  8. Log watching using tail or less
  9. /etc/rsyslog.conf – Setup a Filter to Discard or Redirect Messages
  10. cpufreq-aperf: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • ncat Command Examples in Linux
  • ncat: command not found
  • nautilus Command Examples in Linux
  • namei: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright