{"id":861,"date":"2018-06-14T16:40:42","date_gmt":"2018-06-14T11:10:42","guid":{"rendered":"http:\/\/www.webhostingchennai.co.in\/blog\/?p=861"},"modified":"2019-03-11T11:12:48","modified_gmt":"2019-03-11T05:42:48","slug":"linux-common-firewall-rules","status":"publish","type":"post","link":"https:\/\/www.webhostingchennai.co.in\/blog\/linux-common-firewall-rules\/","title":{"rendered":"Linux Common Firewall Rules and Commands in iptables"},"content":{"rendered":"<h4><span style="">Linux Common Firewall Rules and Commands in iptables<\/span><\/h4>\n<p>What is a firewall?<\/p>\n<p>A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.<\/p>\n<p>Here we are going to show you some common Linux <a href="">firewall<\/a> rules and commands in iptables. iptables is a useful command-line utility for configuring the Linux kernel firewall. It contains five tables: raw, filter, nat, mangle and security. Each table consists of chains. A chain is a list of firewall rules that are evaluated in order. Let\u2019s get started with some common firewall rules and commands in iptables.<\/p>\n<p>Log in to your VPS via SSH as user root:<\/p>\n<pre>ssh root@IP_Address -p Port_number<\/pre>\n<pre>ssh root@123.12.122.141 -p 22<\/pre>\n<p>Installing iptables is very easy. 
If you have an Ubuntu VPS or a Debian VPS, run the following commands:<\/p>\n<pre>apt-get update\r\napt-get upgrade\r\napt-get install iptables iptables-persistent<\/pre>\n<p>If CentOS is installed on your VPS, run the following commands:<\/p>\n<pre>yum clean all\r\nyum update\r\nyum install iptables<\/pre>\n<p>That\u2019s it; iptables should now be installed on your server.<\/p>\n<p><strong>Now, let\u2019s see the common firewall rules in iptables<\/strong><\/p>\n<p>Listed below are examples of common firewall rules.<br>\nAccept all ESTABLISHED and RELATED packets:<\/p>\n<pre>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<\/pre>\n<p>Allow HTTP and HTTPS connections from anywhere:<\/p>\n<pre>iptables -A INPUT -p tcp --dport 80 -j ACCEPT\r\niptables -A INPUT -p tcp --dport 443 -j ACCEPT<\/pre>\n<p>Allow access on port 21 from a specific IP address only (e.g. 192.168.1.111) and block access from all other IPs to the server (e.g. server IP 192.168.1.100):<\/p>\n<pre>iptables -A INPUT -s 192.168.1.111 -d 192.168.1.100 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT\r\niptables -A INPUT -d 192.168.1.100 -p tcp -m tcp --dport 21 -j DROP\r\niptables-save<\/pre>\n<p>Block an IP address (e.g. 192.168.1.19):<\/p>\n<pre>iptables -A INPUT -s 192.168.1.19 -j DROP<\/pre>\n<p>Block an IP range and reject all packets (e.g. 192.168.1.0\/24):<\/p>\n<pre>iptables -A INPUT -s 192.168.1.0\/24 -j REJECT<\/pre>\n<p>To block outgoing traffic to a port (e.g. 
port 123), use:<\/p>\n<pre>iptables -A OUTPUT -p tcp --dport 123 -j DROP<\/pre>\n<p><strong>Common iptables commands<\/strong><\/p>\n<p>List all rules in all chains in verbose mode and display the IP addresses and port numbers instead of host names and services, including the interface name, the rule options (if any), and the TOS masks:<\/p>\n<pre>iptables -nvL | less<\/pre>\n<pre>Chain INPUT (policy ACCEPT 17M packets, 3161M bytes)\r\n pkts bytes target     prot opt          in     out     source               destination\r\n  90M   18G cP-Firewall-1-INPUT  all  --  *      *       0.0.0.0\/0            0.0.0.0\/0\r\n\r\nChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\r\n pkts bytes target     prot opt           in     out     source               destination\r\n    0     0 cP-Firewall-1-INPUT  all  --  *      *       0.0.0.0\/0            0.0.0.0\/0\r\n\r\nChain OUTPUT (policy ACCEPT 16M packets, 5107M bytes)\r\n pkts bytes target     prot opt in     out  source     destination\r\n    0     0 ACCEPT     tcp  --  *      *   0.0.0.0\/0  0.0.0.0\/0  multiport dports 25,465,587 owner GID match 32006\r\n18618 9100K ACCEPT     tcp  --  *      *   0.0.0.0\/0  0.0.0.0\/0  multiport dports 25,465,587 owner GID match 12\r\n    0     0 ACCEPT     tcp  --  *      *   0.0.0.0\/0  127.0.0.1  multiport dports 25,465,587 owner UID match 32001\r\n10686  946K ACCEPT     tcp  --  *      *   0.0.0.0\/0  0.0.0.0\/0  multiport dports 25,465,587 owner UID match 0\r\n\r\nChain cP-Firewall-1-INPUT (2 references)\r\n pkts bytes target     prot opt in     out     source               destination\r\n   39  2264 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:993\r\n   54  2872 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:53\r\n 7509  450K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:21\r\n 557K   34M ACCEPT     tcp  --  *      *       
0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:443\r\n19655 1142K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:80\r\n 1057 43388 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:8080\r\n 7533  452K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:143\r\n  382 16664 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:22\r\n2871K  173M ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:995\r\n23539 1284K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:110\r\n 8353  500K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:25\r\n   71  3680 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:465\r\n 519K   31M ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW tcp dpt:3306\r\n  132  9948 ACCEPT     udp  --  *      *       0.0.0.0\/0            0.0.0.0\/0           state NEW udp dpt:53\r\n\r\n\r\n<\/pre>\n<p>To display rules in chains with rule numbers, use:<\/p>\n</p><pre>iptables -nvL --line-numbers<\/pre>\n<p>This is useful if you want to delete a rule (e.g. delete rule number 9 from the INPUT chain):<\/p>\n</p><pre>iptables -D INPUT 9<\/pre>\n<p>Or, add a rule between two existing rules (e.g. 
add a firewall rule between rules number 2 and 3):<\/p>\n</p><pre>iptables -I OUTPUT 3 -d 127.0.0.1\/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 201 -j ACCEPT\r\n\r\n<\/pre>\n<p>In order to list all commands that were used to create the currently used iptables rules, use the following command:<\/p>\n</p><pre>iptables -S\r\n\r\n<\/pre>\n<p>This command is useful if you need to edit or delete some firewall rules.<\/p>\n</p><pre>-P INPUT ACCEPT\r\n-P FORWARD ACCEPT\r\n-P OUTPUT ACCEPT\r\n-N cP-Firewall-1-INPUT\r\n-A INPUT -j cP-Firewall-1-INPUT\r\n-A FORWARD -j cP-Firewall-1-INPUT\r\n-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j ACCEPT\r\n-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j ACCEPT\r\n-A OUTPUT -d 127.0.0.1\/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j ACCEPT\r\n-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT\r\n-A 
cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT\r\n-A cP-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT\r\n<\/pre>\n<p><strong>Clear all firewall rules:<\/strong><\/p>\n<pre>iptables -F\r\n<\/pre>\n<p>Note that this flushes the rules but does not change the chain policies, so if a chain\u2019s policy is DROP, flushing the rules can cut off your SSH session.<\/p>\n<p>Use \u2018iptables -h | less\u2019 for more information on all iptables command options.<\/p>\n<p>We hope this article helps you. Please share your comments to help us improve.<\/p>\n<p>For monitoring a Linux system using command-line tools: <a href="">Click here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":922,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12],"tags":[164,165,163,166],"class_list":["post-861","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-common-firewall-rules","tag-iptables-command","tag-linux-firewall","tag-linux-firewall-rules"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/06\/firewall.jpg?fit=678%2C340&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9NOHH-dT","jetpack-related-posts":[{"id":1004,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/firewall-setup-on-dedicated-linux-server\/","url_meta":{"origin":861,"position":0},"title":"Basic Firewall Setup on Dedicated Linux Server","author":"Cavin","date":"August 3, 2018","format":false,"excerpt":"Basic Firewall Setup on Dedicated Linux Server A firewall will stop any unusual 
activities on one network from being passed on to another network. In most systems the Linux kernel is compiled with IP forwarding set to yes. This means is that if the computer has more than one network\u2026","rel":"","context":"In &quot;LINUX&quot;","block_context":{"text":"LINUX","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/08\/firewall-setup.jpg?fit=630%2C316&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/08\/firewall-setup.jpg?fit=630%2C316&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/08\/firewall-setup.jpg?fit=630%2C316&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1604,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/top-50-linux-commands\/","url_meta":{"origin":861,"position":1},"title":"Top 50 Linux Commands","author":"Cavin","date":"September 22, 2021","format":false,"excerpt":"Top 50 Linux Commands you must know as a regular user Here, let us see the top 50 linux commands, used on regular basis ls \u2013 The most frequently used command in Linux to list directories pwd \u2013 Print working directory command in Linux cd \u2013 Linux command to navigate\u2026","rel":"","context":"In &quot;CentOS \/ REDHAT&quot;","block_context":{"text":"CentOS \/ REDHAT","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/linux\/centos-redhat\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/09\/50-commands.jpg?fit=640%2C260&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/09\/50-commands.jpg?fit=640%2C260&ssl=1&resize=350%2C200 1x, 
https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/09\/50-commands.jpg?fit=640%2C260&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1521,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/useful-csf-commands-in-linux\/","url_meta":{"origin":861,"position":2},"title":"Useful CSF commands in Linux","author":"Cavin","date":"April 30, 2019","format":false,"excerpt":"Useful CSF commands in Linux CSF,\u00a0a\u00a0firewall application suite for Linux servers. CSF is also a Login\/Intrusion Detection for applications like SSH, SMTP, IMAP, Pop3, the \u201csu\u201d command etc,. It also checks for login authentication failures on mail servers (Exim, IMAP, Dovecot, uw-imap, Kerio), OpenSSH servers, Ftp servers (Pure-ftpd, vsftpd, Proftpd),\u2026","rel":"","context":"In &quot;CentOS \/ REDHAT&quot;","block_context":{"text":"CentOS \/ REDHAT","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/linux\/centos-redhat\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/csf-commands-1.jpg?fit=640%2C260&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/csf-commands-1.jpg?fit=640%2C260&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/csf-commands-1.jpg?fit=640%2C260&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":964,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/installing-netdata\/","url_meta":{"origin":861,"position":3},"title":"Installing Netdata &#8211; A Real Time Performance Monitoring Tool","author":"Cavin","date":"July 13, 2018","format":false,"excerpt":"How to install Netdata in CentOS 7 Installing Netdata : Netdata is a free open soure software which collects a real-time performance data from Linux systems, Application, SNMP devices and visualize it in the web-based interface. 
Netdata also provides the visualization of past data\u2019s. In simple word, it provides a\u2026","rel":"","context":"In &quot;MONITORING TOOLS&quot;","block_context":{"text":"MONITORING TOOLS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/monitoring-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1679,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/10-simple-steps-to-blocking-ip\/","url_meta":{"origin":861,"position":4},"title":"10 Simple Steps to Blocking IP Addresses Using Windows Firewall","author":"Cavin","date":"October 25, 2021","format":false,"excerpt":"10 Simple Steps to Blocking IP Addresses Using Windows Firewall Windows server has a firewall which also help us to prevent malicious attacks. This firewall looks at anything attempting to access your server and compares it to a set of rules. 
If it breaks the rules, your firewall doesn't let\u2026","rel":"","context":"In &quot;WINDOWS&quot;","block_context":{"text":"WINDOWS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/windows\/"},"img":{"alt_text":"10 Simple Steps to Blocking IP Addresses Using Windows Firewall","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/10\/windows-firewall.jpg?fit=640%2C260&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/10\/windows-firewall.jpg?fit=640%2C260&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2021\/10\/windows-firewall.jpg?fit=640%2C260&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":2070,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/protect-cpanel-server-from-ddos-attacks\/","url_meta":{"origin":861,"position":5},"title":"How Firewalls Protect Your cPanel Server from DDoS Attacks","author":"Cavin","date":"October 24, 2024","format":false,"excerpt":"DDoS Attack - Distributed Denial of Service (DDoS) attacks are one of the most common and disruptive forms of cyberattacks that can target any server connected to the internet. They involve overwhelming a server with an enormous amount of traffic, effectively making it unavailable to legitimate users. 
In a cPanel\u2026","rel":"","context":"In &quot;VPS&quot;","block_context":{"text":"VPS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/vps\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/comments?post=861"}],"version-history":[{"count":3,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/861\/revisions"}],"predecessor-version":[{"id":1158,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/861\/revisions\/1158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/media\/922"}],"wp:attachment":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/media?parent=861"}],"wp:term":[{"taxono
my":"category","embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/categories?post=861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/tags?post=861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}