Aug 11, 2011
tom

IPtables block port 8080 but not for localhost

Question

Currently I have an application that is running on 8080 front-ended by mod_proxy.

    <Location /hudson>
            Order allow,deny
            Allow from all
            ProxyPass http://localhost:8080/hudson
            ProxyPassReverse http://localhost:8080/hudson
    </Location>

I need to block TCP 8080, but not for localhost. How can this be done with IPtables?

Answer

You could try the following:

    # accept all tcp on port 8080 from localhost
    iptables -I INPUT 1 -i lo -p tcp --dport 8080 -j ACCEPT
    # [...] all your other rules
    # drop all other packets
    iptables -A INPUT -j DROP

If you also wanted to allow 1 (or more) external/other IPs, you can use this:

    # accept tcp on port 8080 from allowed_ip
    iptables -I INPUT 3 -i eth0 -p tcp --dport 8080 -s allowed_ip -j ACCEPT

Let me know how it goes :)
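
An added example, not part of the original answer: the same policy scoped to port 8080 only, so the final DROP does not affect other services on the host. It goes slightly beyond the answer by placing the rules in a dedicated chain; the chain name `APP8080` is hypothetical and `203.0.113.10` is a constructed address.

```shell
#!/bin/sh
# Added example: limit TCP 8080 to loopback plus an optional allowlist,
# without touching the rest of INPUT.
PORT=8080
CHAIN=APP8080   # hypothetical chain name, not from the original answer

# Print the iptables commands for the given allowed source addresses.
# Nothing is executed here; review the output, then pipe it to `sh` as root.
build_rules() {
    # Validate every argument first so a bad one yields no partial rule set.
    # Only digits, dots and "/" are accepted (IPv4 address or CIDR), which
    # also keeps shell metacharacters out of the generated commands.
    for ip in "$@"; do
        case "$ip" in
            ""|*[!0-9./]*) echo "invalid source: $ip" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -I INPUT 1 -p tcp --dport $PORT -j $CHAIN"
}

# Dry run with a constructed address from the documentation range.
build_rules 203.0.113.10
```

These rules cover IPv4 only; if the application also listens on IPv6, the equivalent rules are needed in `ip6tables`.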
