Block incoming port Iptables

cli_man · 08-11-2003, 06:41 PM

I need to be able to block all port 135 traffic going though my linux router, incoming and outgoing, how can I add a rule to my iptables to do that, I don't care to save the rule I just need to add it to what is already loaded.

This is a cache server so iptables is already being used, I want to block port 135 to stop a new virus that is really hitting our customers (W32.Blaster.Worm)

Thanks, I hope to hear from someone soon!

cli_man · 08-11-2003, 07:26 PM

Ok I think I got it, post if I did it wrong:

iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j DROP

When I did a iptables -L they were all there and I can still route traffic so I will assume that it is working, is there a log to see if it denies the traffic?

Thanks

seabass55 · 08-11-2003, 08:12 PM

How about having your customers patch their boxes?

Looks like you did it right. You can always have someone port scan you or do it online at someplace like http://scan.sygate.com/

cli_man · 08-11-2003, 08:21 PM

We have well over 1000 customers going through us and wanted a way to stop it quick, most of our customers don't have a clue what OS they have not alone if they patched there system, most of them don't know what Internet Exporer is even though they use it every day.

So in short by blocking this as quick as I could I just made my day tomarrow much better because I now don't need to trouble shoot 1,000 plus customers just the few that got it before I blocked it.

seabass55 · 08-11-2003, 08:27 PM

Oh I know...I was just giving you crap. I knew what you were up to. It was kinda aiming at being a windows joke

cli_man · 08-11-2003, 08:32 PM

The owner of the company I work for has been getting more and more linux friendly as we go throught one problem to another with our windows servers to where I was talking to him tonight and he said we are going to move all but 1 of our servers to linux in the next couple of weeks :-)

I have been slowly moving servers over to linux as we install new ones but now we will be migrating our existing nt 4.0 and 2000 servers over to linux, much fun to be had and a good tribute to Linux.