6

Currently I have an application that is running on 8080 front-ended by mod_proxy.

    <Location /hudson>
            Order allow,deny
            Allow from all
            ProxyPass http://localhost:8080/hudson
            ProxyPassReverse http://localhost:8080/hudson
    </Location>

I need to block TCP 8080, but not for localhost. How can this be done with iptables?

3 Answers

15

This would work:

    iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 8080 -j DROP

Pratik Amin
  • 3,303
7

You could try the following:

    # accept all tcp on port 8080 from localhost
    iptables -I INPUT 1 -i lo -p tcp --dport 8080 -j ACCEPT

    # [...] all your other rules
    # drop all other packets
    iptables -A INPUT -j DROP

If you also wanted to allow one (or more) external/other IPs, you can use this:

    # accept tcp on port 8080 from allowed_ip
    iptables -I INPUT 3 -i eth0 -p tcp --dport 8080 -s allowed_ip -j ACCEPT

Let me know how it goes :)

Zoredache
  • 133,737
1

Another approach: in the server listening on 8080, bind only to localhost. For Apache it looks like the following:

    Listen 127.0.0.1:8080
    <VirtualHost 127.0.0.1:8080>
    ...
    </VirtualHost>

rvs
  • 4,225
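
An added example, not part of any answer above: a small first-match evaluator for `iptables -S INPUT` output. It shows how the rules from the two iptables answers treat a packet to port 8080, including a local connection to the host's own non-loopback address and a DROP appended behind an ACCEPT that was already in the chain. The rulesets and addresses are constructed, and `verdict_8080` is a hypothetical helper that understands only the match options used on this page.

```shell
#!/bin/sh
# Added example. First-match walk over `iptables -S INPUT` text for a new TCP
# packet to port 8080. Handles only -i, -s <ip>/32, -p, --dport, -m tcp, -j;
# anything else yields UNKNOWN rather than a guess.
# usage: verdict_8080 <in-interface> <source-ip>   (ruleset on stdin)
verdict_8080() {
    awk -v ifc="$1" -v src="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        hit = 1; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }
            opt = $i; val = $(++i)
            if (opt == "-j") { target = val; break }
            else if (opt == "-i") ok = (val == ifc)
            else if (opt == "-s" && sub(/\/32$/, "", val)) ok = (val == src)
            else if (opt == "-p") ok = (val == "tcp")
            else if (opt == "--dport") ok = (val == "8080")
            else if (opt == "-m" && val == "tcp") ok = 1
            else { print "UNKNOWN"; decided = 1; exit }
            if (neg) ok = !ok
            neg = 0
            if (!ok) hit = 0
        }
        if (hit) {
            print (target ~ /^(ACCEPT|DROP|REJECT)$/ ? target : "UNKNOWN")
            decided = 1; exit
        }
    }
    END { if (!decided) print (policy != "" ? policy : "ACCEPT") }'
}

# Constructed rulesets (203.0.113.7 and 192.0.2.10 are documentation addresses).
SRC_RULE='-P INPUT ACCEPT
-A INPUT ! -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j DROP'
IFACE_RULE='-P INPUT ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -j DROP'
# The same DROP appended behind an ACCEPT that was already in the chain.
SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT ! -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j DROP'

for rules in "$SRC_RULE" "$IFACE_RULE" "$SHADOWED"; do
    printf '%s\n' "$rules" | verdict_8080 eth0 203.0.113.7
done
```

On a live host, pipe `iptables -S INPUT` into the function instead of the sample variables; an `UNKNOWN` result means the chain uses a match the helper does not model and needs a manual read.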