How to block UDP port 111 via iptables?
Depending on how nice you want to be to the client, a possible solution can be:
iptables -I INPUT -p udp --dport 111 -j DROP
or
iptables -I INPUT -p udp --dport 111 -j REJECT
Author: ANtlord
Updated on September 18, 2022
Comments
-
ANtlord almost 2 years
I've got an issue related to blocking port 111 only for udp. For tcp it was blocked without any problem. This port is used by the application rpcbind. I test it via netcat. This is my iptables. It contains an empty chain FORWARD, because I've removed all rules from it for easy understanding.

Chain INPUT (policy ACCEPT)
num  target          prot opt source     destination
1    DROP            udp  --  anywhere   anywhere      udp dpt:sunrpc
2    DROP            tcp  --  anywhere   anywhere      tcp dpt:sunrpc

Chain FORWARD (policy ACCEPT)
num  target          prot opt source     destination

Chain OUTPUT (policy ACCEPT)
num  target          prot opt source     destination
1    DOCKER-OVERLAY  all  --  anywhere   anywhere

Chain DOCKER (0 references)
num  target          prot opt source     destination

Chain DOCKER-ISOLATION (0 references)
num  target          prot opt source     destination
1    DROP            all  --  anywhere   anywhere
2    DROP            all  --  anywhere   anywhere
3    RETURN          all  --  anywhere   anywhere

Chain DOCKER-OVERLAY (1 references)
num  target          prot opt source     destination

This port will be opened for a set of servers, but they don't exist in iptables right now, also for easy understanding. What must I do to block port 111 over udp?
-
ANtlord almost 8 years
Thank you very much! The 2nd case works for me. But one important thing: the 1st case mustn't exist in the chain. If it is added before the 2nd case, then it will not work.
-
kofemann almost 8 years
That's why there is an OR between the lines. DROP, as the name says, will drop the packet without a reply. The client will fail with a timeout. REJECT will be seen as connection refused.
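As an added example (not code from the answer or the comments above), the following POSIX shell script applies either verdict from the answer idempotently and shows why the order of the two rules matters. Everything in it is an assumption of this example: the function names `rule_spec`, `run`, `apply_rule` and `remove_drop_rules`, the `DRY_RUN` and `IPTABLES` variables, and an iptables of 1.4.11 or newer (for the `-C` check). `--reject-with icmp-port-unreachable` is spelled out explicitly; it is the reply a REJECT on UDP sends, and it is what a client reports as "connection refused". Applying rules for real needs root; `DRY_RUN=1` prints the commands instead.

```shell
#!/bin/sh
# Added example, not code from the original answer: block UDP/111 (sunrpc,
# served by rpcbind) with either verdict, idempotently. Assumes iptables
# >= 1.4.11 (for the -C check). Set DRY_RUN=1 to print commands instead
# of running them; applying for real needs root.

IPTABLES="${IPTABLES:-iptables}"   # assumption: iptables is on PATH

# Rule specification (chain + match + target) for a given verdict.
# REJECT on UDP replies with an ICMP "port unreachable", which a client
# reports as "connection refused". DROP answers nothing, so the client
# waits until it times out.
rule_spec() {
    case "$1" in
        DROP)   echo "INPUT -p udp --dport 111 -j DROP" ;;
        REJECT) echo "INPUT -p udp --dport 111 -j REJECT --reject-with icmp-port-unreachable" ;;
        *)      echo "rule_spec: unknown verdict '$1' (use DROP or REJECT)" >&2; return 2 ;;
    esac
}

# Run a command, or in dry-run mode print it. A dry-run "-C" (check)
# reports the rule as absent so that the insert path is exercised.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '+ %s\n' "$*"
        if [ "$2" = "-C" ]; then return 1; fi
        return 0
    fi
    "$@"
}

# Insert the rule at the top of INPUT unless an identical rule exists.
apply_rule() {
    spec=$(rule_spec "$1") || return $?
    # shellcheck disable=SC2086  # word-splitting $spec is intended
    if run "$IPTABLES" -C $spec 2>/dev/null; then
        echo "already present: $spec"
        return 0
    fi
    run "$IPTABLES" -I $spec
}

# Delete every DROP for UDP/111 so that a REJECT inserted afterwards is
# not shadowed: INPUT is evaluated top to bottom and the first match
# wins, which is why a DROP sitting above the REJECT hides it.
remove_drop_rules() {
    spec=$(rule_spec DROP)
    # shellcheck disable=SC2086
    while run "$IPTABLES" -C $spec 2>/dev/null; do
        run "$IPTABLES" -D $spec
    done
}

# Usage: sh block_udp_111.sh --reject   (prefix with DRY_RUN=1 to preview)
if [ "${1:-}" = "--reject" ]; then
    remove_drop_rules
    apply_rule REJECT
fi
```

Two checks worth running afterwards. First, `iptables -L INPUT -n --line-numbers` should show the REJECT before any other rule matching `udp dpt:111`, since the first match wins. Second, verify from a client with `nc -u -vz <host> 111`: with REJECT the ICMP port-unreachable makes netcat report the port as refused, whereas with DROP (or with no rule at all) a UDP probe reports success, because UDP never acknowledges a datagram; a DROP on UDP is therefore best confirmed by watching the datagram go unanswered (for example with `tcpdump -ni any udp port 111` on the server) rather than by netcat's verdict. If nothing on the host needs rpcbind, stopping that service removes the listener entirely instead of filtering it.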