LinuxQuestions.org


lothario 02-10-2005 04:29 AM

turn off http port 80, keep https port 443
 
With a fresh FC3 install, the system has both ports working:
port 80 = http://192.168.5.100
port 443 = https://192.168.5.100

How can I stop port 80 and
continue secure access on port 443 only?


Under Security Level Configuration, I un-checked WWW (HTTP).
But the system still responds to both:
http://192.168.5.100
https://192.168.5.100

Why is this?

I tested the same on a friend's FC3 box and got the same results. :confused:

hamish 02-10-2005 04:36 AM

You might have to restart the firewall with the new rules, after you unchecked that box.

Hamish

lothario 02-10-2005 09:37 PM

I even rebooted the system.

But the system still responds to:
http://192.168.5.100

Here is the "/etc/sysconfig/iptables"
Code:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

As you can see, port 80 is no longer there.
But HTTP traffic is still somehow getting through to Apache.

shazam75 02-11-2005 03:28 AM

I think you should try and install a line in there somewhere explicitly dealing with that port - something like this

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j REJECT

shazam75 02-11-2005 03:32 AM

Better still

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j REJECT

overlord73 02-11-2005 03:44 AM

Why not remove port 80 from Apache and only allow 443 instead of configuring the firewall?

hamish 02-11-2005 04:06 AM

Hey
I'm fairly new to iptables, but does this line not say to allow all incoming, outgoing and forwarded packets?

Quote:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

If so, there is no reason to have a firewall at all!!
hamish
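
An added example, not part of any post in this thread: a small first-match simulator run over the RH-Firewall-1-INPUT rules posted above, showing which rule decides a new TCP connection to port 80. It assumes the test traffic arrives on eth0 (the thread does not say which interface carries 192.168.5.100); the function names and packet model are illustrative, and the parser handles only the option forms that appear in this ruleset.

```python
import shlex

# RH-Firewall-1-INPUT rules copied verbatim from the /etc/sysconfig/iptables posted in the thread.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# iptables option -> packet field it tests; other options (-m, --icmp-type any) add no constraint here.
FIELD = {"-i": "iface", "-p": "proto", "--dport": "dport", "-d": "dst", "--state": "state"}


def first_match(ruleset, pkt):
    """Walk the chain top to bottom; return (position, target, rule) of the first matching rule."""
    for pos, line in enumerate(ruleset.strip().splitlines(), 1):
        tok = shlex.split(line)
        # Every option in this ruleset takes exactly one value, so pair them up after "-A <chain>".
        opts = dict(zip(tok[2::2], tok[3::2]))
        if all(pkt.get(FIELD[o]) in v.split(",") for o, v in opts.items() if o in FIELD):
            return pos, opts["-j"], line
    return None  # fell off the end: the calling chain's policy would apply


def new_tcp(dport, iface="eth0"):
    """Constructed test packet: a new TCP connection to the server (the interface is an assumption)."""
    return {"iface": iface, "proto": "tcp", "dport": str(dport), "state": "NEW", "dst": "192.168.5.100"}


def without(ruleset, fragment):
    """Same ruleset with every rule containing `fragment` removed."""
    return "\n".join(r for r in ruleset.splitlines() if fragment not in r)


if __name__ == "__main__":
    print(first_match(RULES, new_tcp(80)))                      # ruleset as posted
    print(first_match(without(RULES, "-i eth0"), new_tcp(80)))  # interface-wide ACCEPT removed
    print(first_match(without(RULES, "-i eth0"), new_tcp(443)))
```

With the rules as posted, the port 80 connection is accepted at rule 2 (-i eth0 -j ACCEPT) before any port rule is consulted; with that rule removed it falls through to the final REJECT, while port 443 is still accepted.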


All times are GMT -5.