Add Ports to Iptables (aka hole in firewall)

Started by branx86, September 16, 2015, 11:40:49 AM

branx86

Opens Port
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Accept tcp packets on destination port 6881 (bittorrent)
iptables -A INPUT -p tcp --dport 6881 -j ACCEPT


Accept tcp packets on destination multiple ports 6881-6890
iptables -A INPUT -p tcp --dport 6881:6890 -j ACCEPT

This will open up port 22 (SSH) to all incoming tcp connections, which poses a potential security threat, as hackers could try brute-force cracking on accounts with weak passwords. However, if we know the IP addresses of trusted remote machines that will be used to log on using SSH, we can limit access to only these source IP addresses. For example, if we just wanted to open up SSH access on our private LAN (192.168.0.x), we can limit access to just this source IP address range:

Accept tcp packets on destination port 22 (SSH) from private LAN
iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT
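
Added example (not part of the original post): a small audit helper that reads rules in `iptables -S INPUT` format and lists every ACCEPT rule that opens a port without a source restriction, which is the difference between the first rules in the post and the SSH rule limited to 192.168.0.0/24. The function name and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rules in `iptables -S INPUT` format for ACCEPT rules
# that open a TCP port without a source (-s) restriction.

# Constructed sample, modelled on the rules in the post above.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6881:6890 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP'

# open_to_any_source (hypothetical helper name):
# reads rules on stdin and prints one port or port range per line for every
# ACCEPT rule with a destination port whose source is missing or 0.0.0.0/0.
# Negated sources ("! -s ...") are treated as restricted and not reported.
open_to_any_source() {
    awk '
    $1 == "-A" {
        src = ""; port = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s" || $i == "--source")           src = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            else if ($i == "-j")                          target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && (src == "" || src == "0.0.0.0/0"))
            print port
    }'
}

# Stand-alone run on the constructed sample. On a live host (as root) use:
#   iptables -S INPUT | open_to_any_source
printf '%s\n' "$SAMPLE_RULES" | open_to_any_source
```

Ports that are meant to be public (such as 80 on a web server) will be listed too; the output is a review list, and port 22 appearing in it is the case the post describes.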