How to configure iptables so an unwanted port is not reported as filtered

Don't use DROP, that's easily identified as "filtered" if you know the box is up. Instead, you may use the following to send a RST. (as if there is a service listening, but it doesn't accept connections from you)

-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset

Or otherwise simply use the following to make the port look closed. (as if there is no service listening on it)

-A INPUT -p tcp -m tcp --dport 22 -j REJECT

-A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with tcp-reset

should be doing what you want (reply with RST).

How to configure iptables so an unwanted port is not reported as filtered

Tags:

Linux

Security

Tcp

Iptables

Tcpip

Related

Recent Posts