iptables prevent some allow some

john8675309 · 02-01-2004, 07:03 PM

I am trying to learn iptables and I have a question I am sure is simple but I can't figure it out:

I need to deny all internet traffic from eth1 <- internal to eth0 <-Internet
but I want to allow port 80 and port 443

how can this be accomplished?

thanks,
John

qwijibow · 02-01-2004, 07:17 PM

those questions are answered in the manual page.

man iptables.

john8675309 · 02-01-2004, 07:40 PM

Does anyone have an answer

german · 02-01-2004, 08:40 PM

log in, and type "man iptables". what you want to do is explained in detail there.

HTH

B.

YMHiK · 02-01-2004, 10:33 PM

Though I'm no expert in iptables, this may do the trick:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --destination-port ! 80 -j DROP
iptables -A FORWARD -i eth1 -o eth0 -p tcp --destination-port ! 443 -j DROP

This is an example for tcp protocol.

qwijibow · 02-02-2004, 03:36 AM

iptables -A FORWARD -i eth1 -o eth0 -p tcp --destination-port ! 80 -j DROP
iptables -A FORWARD -i eth1 -o eth0 -p tcp --destination-port ! 443 -j DROP

i think he wanted to allow those ports, not drop them.

YMHiK · 02-02-2004, 10:38 AM

It will drop any packet going to any port except to 80 and 443( notice ! .. not operator).
Moreover, you may need to put REJECT in place of DROP if you want.