Firewall rules to block unwanted protocols on given ports
Steven Susbauer
steven at too1337.com
Sat Mar 19 21:31:08 UTC 2011
On 3/19/11 8:05 AM, johhny_at_poland77 wrote:
> Does somebody have an idea what kind of iptables/pf rule I must use
> to achieve this?:
>
> I only want to allow these connections [on the output chain]:
>
> on port 53 output only allow udp - dns
> on port 80 output only allow tcp - http
> on port 443 output only allow tcp - https
> on port 993 output only allow tcp - imaps
> on port 465 output only allow tcp - smtps
> on port 22 output only allow tcp - ssh
> on port 20-21 output only allow tcp - ftp
> on port 989-990 output only allow tcp - ftps
> on port 1194 output only allow udp - OpenVPN
>
> So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS
> is allowed on port 443 outbound.
>
> Any ideas? :\
http://l7-filter.clearfoundation.com/
iptables alone does not categorize traffic based on the application
protocol.
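As an added example (not from either poster), the following POSIX sh script renders the port/protocol whitelist from the question into an iptables OUTPUT policy and includes a small helper that models which (protocol, port) pairs the resulting rules would accept. The rule table is constructed from the list in the question; the rules match on transport protocol and destination port only, so they cannot tell HTTPS from OpenVPN when OpenVPN is configured to use tcp/443, which is exactly the limitation the reply above points out. By default the script only prints the commands; applying them requires root.

```shell
#!/bin/sh
# Added example, not part of the original thread. Renders an iptables
# OUTPUT whitelist from a "proto port[:port]" table and models its effect.

# Table constructed from the question's list (ranges use iptables "lo:hi").
ALLOWED="udp 53
tcp 80
tcp 443
tcp 993
tcp 465
tcp 22
tcp 20:21
tcp 989:990
udp 1194"

# Print the iptables commands for a default-drop OUTPUT chain.
gen_rules() {
  echo "iptables -P OUTPUT DROP"
  echo "iptables -F OUTPUT"
  # Loopback and packets belonging to already-accepted flows stay allowed,
  # so only the first packet of each new connection is policy-checked.
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  printf '%s\n' "$ALLOWED" | while read -r proto port; do
    [ -z "$proto" ] && continue
    echo "iptables -A OUTPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Anything else (tcp/53, udp/443, ...) is logged at a limited rate and dropped,
  # which makes unexpected outbound attempts visible in the kernel log.
  echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix 'OUTPUT-DROP: '"
  echo "iptables -A OUTPUT -j DROP"
}

# Return 0 if a NEW connection with this protocol and destination port would
# be accepted by the generated rules, 1 otherwise. This mirrors the matching
# the rules do: transport protocol plus port, nothing about the payload.
is_allowed() {
  printf '%s\n' "$ALLOWED" | awk -v p="$1" -v n="$2" '
    $1 == p {
      split($2, r, ":")
      lo = r[1]
      hi = (r[2] == "") ? r[1] : r[2]
      if (n >= lo && n <= hi) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# Default action when run directly: show the rules that would be applied.
gen_rules
```

To apply the rules on the host itself, run the script and pipe its output into a root shell (for example `sh rules.sh | sudo sh`); review the printed commands first, since a default-drop OUTPUT policy also affects the session you are working from. Note that `is_allowed tcp 443` succeeds regardless of whether the traffic is TLS or an OpenVPN tunnel; distinguishing those needs application-layer classification such as the l7-filter project linked above.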