Firewall rules to block unwanted protocols on given ports

Steven Susbauer steven at too1337.com
Sat Mar 19 21:31:08 UTC 2011


On 3/19/11 8:05 AM, johhny_at_poland77 wrote:
> Does somebody have an idea what kind of iptables/pf rule I must use
> to achieve this?:
> 
> I only want to allow these connections [on the output chain]:
> 
> on port 53 output only allow udp - dns
> on port 80 output only allow tcp - http
> on port 443 output only allow tcp - https
> on port 993 output only allow tcp - imaps
> on port 465 output only allow tcp - smtps
> on port 22 output only allow tcp - ssh
> on port 20-21 output only allow tcp - ftp
> on port 989-990 output only allow tcp - ftps
> on port 1194 output only allow udp - OpenVPN
> 
> So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS
> is allowed on port 443 outbound.
> 
> Any ideas? :\

http://l7-filter.clearfoundation.com/

iptables alone does not categorize traffic based on the application
protocol.
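The transport-layer half of the policy asked for above can be expressed as a default-deny OUTPUT chain; the script below is an added example, not code from either poster, and assumes a Linux host with iptables and the conntrack match available (the `DRY_RUN`, `APPLY`, `ipt`, `build_output_policy`, `count_port_rules` and `would_accept` names are the example's own). It allows only the listed port/transport pairs, so OpenVPN sent over UDP/443 is dropped. It does not, and cannot, tell OpenVPN over TCP/443 apart from HTTPS, because iptables matches on protocol and port, not on what the payload is; that is the limit the reply points at, and classifying by application protocol needs something like the linked l7-filter on top.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny OUTPUT chain that permits
# only the transport/port pairs listed in the question.
# Assumptions: Linux, iptables with the conntrack match, run as root to apply.
#   sh outbound-policy.sh              prints the rules (dry run)
#   APPLY=1 sh outbound-policy.sh      installs them

# "port[:port] proto" pairs, exactly as listed in the question.
ALLOWED_OUTBOUND="
53 udp
80 tcp
443 tcp
993 tcp
465 tcp
22 tcp
20:21 tcp
989:990 tcp
1194 udp
"

# Run an iptables command, or print it when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Install (or print) the whole OUTPUT policy. The DROP policy is set last so
# there is no window in which loopback and existing connections are cut off.
build_output_policy() {
    ipt -F OUTPUT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    printf '%s\n' "$ALLOWED_OUTBOUND" | while read -r port proto; do
        [ -n "$port" ] || continue
        ipt -A OUTPUT -p "$proto" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else (e.g. OpenVPN on UDP/443) is logged, then hits the policy.
    ipt -A OUTPUT -j LOG --log-prefix "OUTPUT-DROP: "
    ipt -P OUTPUT DROP
}

# Number of explicit port rules the policy would install (dry run only).
count_port_rules() {
    ( DRY_RUN=1; build_output_policy ) | grep -c -- '--dport'
}

# Whether a "proto port" pair matches an explicit ACCEPT rule: exit 0 if yes,
# 1 if not. Pure string matching on the dry-run output; no kernel involved.
would_accept() {
    ( DRY_RUN=1; build_output_policy ) | grep -q -- "-p $1 --dport $2 " && return 0
    return 1
}

if [ "${APPLY:-0}" = "1" ]; then
    build_output_policy
else
    DRY_RUN=1 build_output_policy
fi
```

Note that `would_accept tcp 443` and `would_accept udp 443` give different answers, while OpenVPN configured for TCP/443 produces exactly the same packets, at this layer, as the HTTPS the rule was written for; a kernel log line prefixed `OUTPUT-DROP:` is the only feedback the host gives for the UDP case.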
