
I am very new to using iptables, and I am attempting to only allow the outgoing TCP traffic from port 51355 on eth0.

Here is an attempt based on what I have found online so far:

iptables -A OUTPUT -o eth0 ! -p tcp --dport 51355-j DROP

When this is run I get an invalid argument error. Any help would be much appreciated.

asked Jun 20, 2020 at 23:16

2 Answers


I recommend that you first give permission to the traffic of dport 51355 and then drop everything else on the interface,

like

-A OUTPUT -p tcp -m tcp -o eth0 --sport 51355 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
answered Jun 21, 2020 at 0:00
  • Thanks so much, I will give this a try. Commented Jun 21, 2020 at 0:03

You must specify which module you want to use before using `!`.

iptables -A OUTPUT -o eth0 -p tcp -m tcp ! --dport 51355 -j DROP

With iptables-save -c you can see how many times each rule has been used.

Now if you want something more complex, sometimes it is better to create a chain.

A more complex example, with the creation of a chain:

iptables -N FILTERBOT
iptables -A OUTPUT -o eth0 -j FILTERBOT
iptables -A FILTERBOT -p udp -j RETURN
iptables -A FILTERBOT -p tcp -m tcp ! --dport 51355 -j DROP
iptables -A FILTERBOT -m limit --limit 1/s -j LOG --log-prefix "CHAIN-FILTERBOT:"
iptables -A FILTERBOT -j DROP

PS: more information on each module is in man iptables-extensions.

answered Jun 20, 2020 at 23:58
  • Thank you, this is what I am looking for and the extra info is much appreciated for learning more about iptables! Commented Jun 21, 2020 at 0:03
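Since the answer points at iptables-save -c for per-rule hit counts, here is an added Python helper (not from the answer, and not part of iptables) that parses that output into packet and byte counters per rule, so you can check which FILTERBOT rules actually match and which have never fired. The dump and its counters below are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample of `iptables-save -c` output for the FILTERBOT chain
# from the answer above; the [packets:bytes] counters are made up.
SAMPLE = """\
# Generated by iptables-save v1.8.7 (constructed sample)
*filter
:INPUT ACCEPT [100:12000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERBOT - [0:0]
[53:4240] -A OUTPUT -o eth0 -j FILTERBOT
[10:800] -A FILTERBOT -p udp -j RETURN
[30:2400] -A FILTERBOT -p tcp -m tcp ! --dport 51355 -j DROP
[3:240] -A FILTERBOT -m limit --limit 1/s -j LOG --log-prefix "CHAIN-FILTERBOT:"
[13:1040] -A FILTERBOT -j DROP
COMMIT
"""


class RuleHit(NamedTuple):
    chain: str
    rule: str      # everything after "-A <chain> ", exactly as iptables-save prints it
    packets: int
    bytes: int


# iptables-save -c prefixes each rule line with "[pkts:bytes] -A CHAIN ...".
_RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")


def parse_counters(dump: str) -> List[RuleHit]:
    """Return one RuleHit per rule line, in table order; chain policies and
    comments (":CHAIN POLICY [..]", "*filter", "COMMIT") are skipped."""
    hits = []
    for line in dump.splitlines():
        m = _RULE_RE.match(line.strip())
        if m:
            pkts, byts, chain, rule = m.groups()
            hits.append(RuleHit(chain, rule, int(pkts), int(byts)))
    return hits


def chain_packets(hits: List[RuleHit], chain: str) -> Dict[str, int]:
    """Map each rule of `chain` to its packet counter."""
    return {h.rule: h.packets for h in hits if h.chain == chain}


def unused_rules(hits: List[RuleHit], chain: str) -> List[str]:
    """Rules in `chain` that have matched no packets since counters were zeroed."""
    return [h.rule for h in hits if h.chain == chain and h.packets == 0]


if __name__ == "__main__":
    for rule, pkts in chain_packets(parse_counters(SAMPLE), "FILTERBOT").items():
        print(f"{pkts:>6}  {rule}")
```

On a live system feed it the real dump with `parse_counters(subprocess.run(["iptables-save", "-c"], capture_output=True, text=True).stdout)`; note that the limit rule's counter only counts packets that passed the rate limit, not every packet that reached it.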
