

Deny all connections to certain port, except for 127.0.0.1




Posted by sh4ka, 05-28-2009, 09:32 AM
Hello, I have problems configuring some ports and rules in CSF on a cPanel server. Port 37500 is used by a Java web app, so I opened both the TCP incoming and outgoing ports: Then, to allow access from the server IP and localhost, I added this to csf.allow: csf.ignore: And to deny all access to the server on that specific port (except for the ones I whitelisted before), I added this to csf.deny: Result: no one can connect to the server on that port, not even the web app itself; it is not connecting to port 37500. Any ideas about what I'm missing? How can I configure port 37500 to accept local connections (from the web server) and deny all external connections? Thanks.

Posted by oldunis, 05-28-2009, 10:07 AM
Maybe the script isn't using the loopback interface but your server's IP? Try adding your server's IP to see if that helps.

Posted by sh4ka, 05-28-2009, 10:27 AM
I already did that... see, "my.server.ip.address" is a replacement to hide the server IP, but it is there, in csf.allow and csf.ignore. Any other ideas? Thanks.

Posted by sh4ka, 05-29-2009, 06:54 AM
Any suggestions please? Thanks.

Posted by sysgallery, 05-29-2009, 07:37 AM
iptables -A INPUT -p tcp --dport 37500 ! -s 127.0.0.1 -j DROP
iptables -A OUTPUT -p tcp --dport 37500 ! -s 127.0.0.1 -j DROP
iptables -A INPUT -p udp --dport 37500 ! -s 127.0.0.1 -j DROP
iptables -A OUTPUT -p udp --dport 37500 ! -s 127.0.0.1 -j DROP
service iptables save
service iptables restart

Posted by sh4ka, 06-04-2009, 09:43 AM
Nope, still not working. Any other ideas?

Posted by jNive, 06-04-2009, 06:13 PM
Technically it should be:

iptables -A INPUT -p tcp --dport 37500 -i lo -j ACCEPT
(should not be required if lo is exempted in iptables or CSF options)
iptables -A INPUT -p tcp --dport 37500 -j DROP
(in CSF - equivalent to just not specifying the port in the TCP_IN array)

Make sure the app is listening on lo (::0/0 or 0.0.0.0/0, or preferably just on 127.0.0.1:37500).
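As an added example (not part of the thread or of CSF/iptables), a small first-match simulator of the INPUT chain comparing the two rule sets proposed above: a DROP keyed on source address "! -s 127.0.0.1" still drops the app's own connection when it connects to the server's public address (source is then the server IP, not 127.0.0.1), whereas ACCEPT keyed on "-i lo" covers both local cases and still drops remote clients. The server IP 203.0.113.10 and the client IP 198.51.100.7 are constructed values standing in for "my.server.ip.address" and an external host.

```python
# Added example: first-match simulator for a few iptables INPUT rules.
# Models only -p, --dport, -s / "! -s", -i and -j for TCP; not real iptables.
PORT = 37500
SERVER_IP = "203.0.113.10"  # constructed stand-in for "my.server.ip.address"

def rule(proto, dport, target, src=None, src_negate=False, iface=None):
    """One rule: src=None / iface=None mean 'any'; src_negate models '! -s'."""
    return dict(proto=proto, dport=dport, src=src, src_negate=src_negate,
                iface=iface, target=target)

# sysgallery's approach: drop everything to the port unless source is 127.0.0.1
SRC_BASED = [
    rule("tcp", PORT, "DROP", src="127.0.0.1", src_negate=True),
]

# jNive's approach: accept on the loopback interface, then drop the rest
IFACE_BASED = [
    rule("tcp", PORT, "ACCEPT", iface="lo"),
    rule("tcp", PORT, "DROP"),
]

def matches(r, pkt):
    if r["proto"] != pkt["proto"] or r["dport"] != pkt["dport"]:
        return False
    if r["iface"] is not None and r["iface"] != pkt["iface"]:
        return False
    if r["src"] is not None:
        hit = pkt["src"] == r["src"]
        if hit == r["src_negate"]:  # "! -s": rule matches only when source differs
            return False
    return True

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy

def tcp(src, iface, dport=PORT):
    return dict(proto="tcp", dport=dport, src=src, iface=iface)

# Constructed packets. Note: a connection from the server to its own public
# address is still delivered over lo, but with the public IP as source.
LOCALHOST = tcp("127.0.0.1", "lo")       # app connects to 127.0.0.1:37500
VIA_OWN_IP = tcp(SERVER_IP, "lo")        # app connects to my.server.ip.address:37500
EXTERNAL = tcp("198.51.100.7", "eth0")   # remote client on the public interface

if __name__ == "__main__":
    for name, rules in (("src-based", SRC_BASED), ("iface-based", IFACE_BASED)):
        for label, pkt in (("localhost", LOCALHOST), ("own IP", VIA_OWN_IP), ("external", EXTERNAL)):
            print(f"{name:12s} {label:10s} -> {verdict(rules, pkt)}")
```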


