
I know that in RedHat, with iptables, I can block incoming connections to a local port. I can also block connections from a specific IP.

But is it possible to block a connection from a specific IP address and the connection attempt is made from a service running at a specific port on the external IP?

So if I had something like,

iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP

Can I specify more specificity for that particular IP address and select a specific port to block? Let's say the service is running on port 5000 at 202.54.20.22, can I be that specific? Note that this service may not attempt to connect to port 5000 on the server, so just blocking that port on the server isn't what I am after.

Mars

1 Answer

Yes, you can specify conditions on both (source) IP and (source) port in a single rule, and both conditions must be satisfied in order to prevent communication, e.g.

iptables -I INPUT -s 202.54.20.22 -p tcp --sport 5000 -j DROP

Note that you must specify a protocol in order to use --sport or --dport, so if you wanted to block both TCP and UDP, two rules would be needed.

MadHatter
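The two-rule (TCP plus UDP) version of the answer above, as an added example that is not part of the original post: a small POSIX sh script that validates the port, builds one DROP rule per protocol for the given source host and source port, and inserts each rule only if an identical one is not already present (iptables -C), so re-running it does not stack duplicates. It assumes a Linux host with iptables and root; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. Blocks packets that arrive
# from HOST *and* carry source port PORT, for both TCP and UDP, because
# iptables only accepts --sport/--dport after a -p <protocol> match.

# Accept only a numeric port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the full iptables command for each protocol, one per line.
# Mirrors the answer's rule, extended with the UDP twin it mentions.
build_block_rules() {
    host="$1"; port="$2"
    for proto in tcp udp; do
        echo "iptables -I INPUT -s $host -p $proto --sport $port -j DROP"
    done
}

# Apply the rules idempotently. `iptables -C` returns success when an
# identical rule already exists, so we only insert when it is missing.
# With DRY_RUN=1 the commands are printed instead of executed.
apply_block_rules() {
    host="$1"; port="$2"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        build_block_rules "$host" "$port"
        return 0
    fi
    for proto in tcp udp; do
        iptables -C INPUT -s "$host" -p "$proto" --sport "$port" -j DROP 2>/dev/null \
            || iptables -I INPUT -s "$host" -p "$proto" --sport "$port" -j DROP
    done
}

# Usage: apply_block_rules 202.54.20.22 5000   (address and port from the question)
```

Afterwards `iptables -L INPUT -n --line-numbers` should show both DROP rules at the top of the chain, since -I inserts rather than appends.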