LinuxQuestions.org
Old 01-08-2013, 05:28 AM   #1
mail2ganesh.cse
Member
 
Registered: Apr 2012
Posts: 65

Rep: Reputation: Disabled
Iptables


Hi,

I need to drop the gtalk port for a specific IP in my network. I googled for it and got this:
Block Access To Outgoing IP TCP / UDP Port Number

It is also possible to block specific port numbers. For example, you can block tcp port # 5050 as follows:
iptables -A OUTPUT -p tcp –dport 5050 -j DROP

To block tcp port # 5050 for an IP address 192.168.1.2 only, enter:
iptables -A OUTPUT -p tcp -d 192.168.1.2 –dport 5050 -j DROP

But when I enter it into my config
/etc/sysconfig/iptables/
it's showing the error

[root@localhost ~]# vim /etc/sysconfig/iptables
[root@localhost ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.5: multiple -d flags not allowed
Error occurred at line: 14
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Please help me to sort this out...
 
Old 01-08-2013, 06:28 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320
Quote:
multiple -d flags not allowed ... at line: 14
Code:
iptables -A OUTPUT -p tcp --dport 5050 -j DROP
iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 5050 -j DROP
Notice the double minus "--" signs on the "--dport" option. The simple usual rule with most commands is that single-letter options are preceded by a single minus "-a -b -c" or equivalent "-abc" and multi-letter options are preceded by a double minus "--something --otherthing". Your "-dport" option was interpreted as "-d -p -o -r -t" options by the iptables command.

Last edited by eSelix; 01-08-2013 at 06:30 AM.
 
Old 01-08-2013, 07:20 AM   #3
vishesh
Member
 
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
Quote:
Originally Posted by mail2ganesh.cse
hi,
iptables -A OUTPUT -p tcp -d 192.168.1.2 –dport 5050 -j DROP
is wrong. It should be

iptables -A OUTPUT -d 192.168.1.2 -p tcp --dport 5050 -j DROP

Thanks

Last edited by vishesh; 01-08-2013 at 08:34 AM.
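
The dash mistakes discussed in this thread can be caught before the firewall is restarted. The following is an added example, not code from any poster: a heuristic lint for rule lines, where the function names `lint_rules` and `sample_rules` are hypothetical and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: heuristic lint for dash mistakes in iptables rule lines.

# sample_rules: constructed iptables-save style input (not the thread's file).
sample_rules() {
    cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp --dport 5050 -j DROP
-A OUTPUT -p tcp -d 192.168.1.2 -dport 5050 -j DROP
-A OUTPUT -p tcp -d 192.168.1.2 –dport 5050 -j DROP
COMMIT
EOF
}

# lint_rules [FILE]: read rules from FILE or stdin, print one finding per
# problem, return 1 if anything was flagged.
lint_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        # En dash / em dash pasted from a web page in place of "--".
        if (index($0, "–") || index($0, "—")) {
            printf "line %d: typographic dash, retype it as \"--\"\n", NR
            bad = 1
        }
        # A single "-" before a multi-letter name is read as short options,
        # so "-dport" is a second "-d" on the line.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^-[A-Za-z][A-Za-z-]+$/) {
                printf "line %d: single-dash long option \"%s\", use \"-%s\"\n", NR, $i, $i
                bad = 1
            }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Demo run on the constructed sample.
sample_rules | lint_rules || echo "fix the lines above before restarting iptables"
```

Run it as `lint_rules /etc/sysconfig/iptables` before `service iptables restart`; the reported line numbers count the same way as the "Error occurred at line" number printed by iptables-restore.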
 
  

