What is sport and dport?

linux security iptables firewall
98,205

Solution 1

Reality is you're asking 2 different questions.

  • --sport is short for --source-port

  • --dport is short for --destination-port

also the internet is not simply the HTTP protocol which is what typically runs on port 80. I Suspect you're asking how to block HTTP requests. to do this you need to block 80 on the outbound chain.

iptables -A OUTPUT -p tcp --dport 80 -j DROP

will block all outbound HTTP requests, going to port 80, so this won't block SSL, 8080 (alt http) or any other weird ports, to do those kinds of things you need L7 filtering with a much deeper packet inspection.

Solution 2

Just to extend the answer of @xenoterracide You can read more about iptables in the manpage iptables(8) (type man 8 iptables) but there you will not find --dport or --sport. These options are listed in iptables-extensions(8) in the section multiport, tcp, udp and elsewhere. This might be interesting to you.

To "stop the internet on your system", you can probably just turn off the network interface with sudo ifdown <INTERNET FACING INTERFACE> or sudo ip link set <INTERNET FACING INTERFACE> down for instance sudo ip link set eth0 down. To make this permanent, you need to have a look in /etc/network/interfaces (Ubuntu, Debian...) or /etc/sysconfig/network-scripts/ifcfg- (on RHEL, SLES, CentOS, Oracle Linux, Fedora...) or your network-manager config or anything else you use. This of course will cut any connections to or from "the internet" even the not HTTP based ones and will prevent the slight performance hit of using iptables and processing OSI/ISO layer 2 traffic.

Share:
98,205

Related videos on Youtube

Chankey Pathak
Author by

Chankey Pathak

Note: Inactive since past 4 years (restrictions at workplace) Project: TutsWiki - An open source platform to provide collaborative tutorials. LinuxStall - A place for all your Linux needs. Find me: Google+ Twitter LinkedIn GitHub Email: [email protected]

Updated on September 18, 2022

Comments

  • Chankey Pathak
    Chankey Pathak over 1 year

    I want to stop internet on my system using iptables so what should I do?

    iptables -A INPUT -p tcp --sport 80 -j DROP

    or

    iptables -A INPUT -p tcp --dport 80 -j DROP ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

iptables blocking from internet side on eth1?
Iptables: Block all countries except my own for specific port
iptables - Block incoming on Eth1 and Allow All from eth0
Firewalld - Logging denied packets enabled - not logging
Iptables: Blocking outbound traffic except to certain IP addresses
A secure, standard iptables rule-set for a basic HTTP(s) webserver
Why not block ICMP?
REJECT vs DROP when using iptables
Help! My server has been hacked - .IptabLes and .IptabLex in /boot
How do I allow multiple ports simultaneously in UFW?