How to DROP connection in IPTABLES? [SOLVED]


Written By - Omer Cakmak
Advertisement

What is IPTABLES?

iptables is a GPL licensed utility that allows the Linux kernel firewall to configure IP packet filter rules. Filters are organized in different tables that contain chains of rules for how packets of network traffic should be handled.

Each rule contains what to do with that package (ACCEPT, REJECT etc) when it matches the package rule of a package. When a packet is matched, it is given a TARGET. When a new rule is added you can define the target as follows:

  • ACCEPT: Passing of packets is allowed.
  • REJECT: Access denied packets.
  • DROP: Passing of packets is not allowed.
  • RETURN: Sent to the end of the chain.
  • QUEUE: Packets are sent to the user area.

 

Different methods to DROP connection in IPTABLES

Packages arriving on your system may need to be dropped. This is sometimes a security reason. In this article we will tell you how to DROP iptables packages.

NOTE:

Elevated privileges (sudo/wheel) are required for iptables to work and must be executed by root user, otherwise it will not work.

 

Method-1: Drop traffic connections on Localhost

When traffic goes from your machine to your machine, it always has a "lo" input interface. Source or destination IP address does not matter. The iptables rule should be written like this:

sudo iptables -I INPUT ! -i lo -p tcp --dport <port> -j DROP

You should write the port you want to drop in the <port> part. For example, to drop input connections with port 80:

foc@ubuntu22:~$ sudo iptables -I INPUT ! -i lo -p tcp --dport 80 -j DROP

To drop output connections with port 80:

foc@ubuntu22:~$ sudo iptables -I OUTPUT ! -i lo -p tcp --dport 80 -j DROP

The rule added with the -L parameter is displayed:

foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere             tcp dpt:http
...

 

Advertisement

Method-2: Drop connections on specific Port

In the above step, we added a drop rule to localhost. Now, to add a drop rule to a specific port, it should be written as follows:

sudo iptables -I INPUT -p tcp --dport <port> -s 127.0.0.1 -j DROP

For example, to drop connections from 192.168.122.3 source ip address to port 443:

foc@ubuntu22:~$ sudo iptables -I INPUT -p tcp --dport 443 -s 192.168.122.3 -j DROP

The added rule looks like this:

foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  192.168.122.3        anywhere             tcp dpt:https
....

 

Method-3: Drop Packets By Source Host

To drop connections from a specific source without specifying any ports:

sudo iptables -A INPUT -s 192.168.42.1 -j DROP

The added rule looks like this:

foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  192.168.42.1         anywhere
...

If you want to specify an IP range to reject incoming packets, you can use the Iprange module by specifying the -m option and the IP range with -src-range:

sudo iptables -A INPUT -m iprange --src-range 192.168.42.100-192.168.42.200 -j DROP

Let's look at the rule with the -L parameter:

foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination           
DROP       all  --  anywhere             anywhere             source IP range 192.168.42.100-192.168.42.200
...

 

Method-4: DROP All Incoming or Outgoing Traffic

Sometimes it may be necessary to disconnect all connections for a specific reason.

Advertisement
sudo iptables -A INPUT -j DROP

But after this command all your connections, including ssh, will be disconnected. Make sure you're next to the server or that we have access!

To drop all output connections:

sudo iptables -A OUTPUT -j DROP

 

What is NEXT?

 

Summary

The firewall of an operating system is important. Incoming and outgoing connections to the system pass/return through this firewall wall. Care should be taken when adding a rule and deleting it. We recommend testing the rules on your test system before adding them.

For more detailed information about IPTABLES, you can get help on the manual page.

 

References

serverfault.com - REJECT vs DROP when using iptables

 

Didn't find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Leave a Comment