How do you block a port on your loopback?

I am doing some testing and want to be able to test situations where my database goes down. It's running on the same box as my tests, and it appears that things like the following are not doing the trick:



iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP


I am about to resort to killing my database process, moving the file (because my database automatically comes back up on a crash), and letting the test continue that way, but that seems like a terrible way to do it.



What is the right way to block a port on loopback?







networking iptables






asked Mar 11 '16 at 0:03









cylus

  • Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
    – Jeff Schaller
    Mar 11 '16 at 1:09
















2 Answers
accepted
Command line command to DROP all loopback traffic (lo0)

$ [sudo] iptables -I INPUT -p tcp --dport 25262 -i lo -j DROP

Explanation

Because iptables evaluates rules top to bottom and works on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted at the top rather than -A appended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match

INPUT -p tcp --dport 3306 ACCEPT

so if you did command:

$ [sudo] iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
                  ^^ Notice the difference

your rules would look like this:

INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
INPUT -p tcp --dport 25262 -i lo -j DROP

by running:

$ [sudo] iptables -I INPUT -p tcp --dport 25262 -i lo -j DROP

your final rules would look like:

INPUT -p tcp --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
INPUT -p tcp --dport 3306 ACCEPT
... all your other rules






edited Mar 11 '16 at 2:36
answered Mar 11 '16 at 2:19
the_velour_fog
  • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
    – cylus
    Mar 11 '16 at 12:44
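The accepted answer's fix wrapped in a small test helper, as an added example that is not part of the original answer: it lists any ACCEPT rule for lo that would shadow an appended DROP, inserts the DROP at the top of INPUT with -I, and deletes it again when the test is over. The function names and the IPT variable are this example's own assumptions; it needs root to run against a real firewall.

```shell
#!/bin/sh
# Added example (not part of the original answer): a helper for test runs
# that need the local database on TCP port 25262 to look "down".
# Assumes root and an iptables CLI; IPT can be overridden (e.g. with a mock
# function) to dry-run the commands without touching the live firewall.

IPT="${IPT:-iptables}"

# Rule spec for dropping TCP port $1 on the loopback interface.
# "-p tcp" is required: --dport belongs to the tcp match, not to iptables.
rule_spec() {
    printf 'INPUT -i lo -p tcp --dport %s -j DROP' "$1"
}

# List INPUT rules that ACCEPT anything arriving on lo. Any such rule that
# sits above a DROP appended with -A wins first, which is why the appended
# rules in the question never matched.
lo_accept_rules() {
    $IPT -S INPUT | grep -E -- '-i lo .*-j ACCEPT'
}

# Insert the DROP at position 1 of INPUT (-I) so it is evaluated before
# every ACCEPT; the -C check first makes repeated test runs idempotent.
block_port() {
    # shellcheck disable=SC2046  # word splitting of the spec is intended
    $IPT -C $(rule_spec "$1") 2>/dev/null || $IPT -I $(rule_spec "$1")
}

# Remove the same rule once the "database down" test has finished.
unblock_port() {
    $IPT -D $(rule_spec "$1")
}

# Show the chain with rule positions, to confirm the DROP sits at line 1.
show_input_chain() {
    $IPT -L INPUT -n --line-numbers
}

# Typical use around a test (as root):
#   block_port 25262; run_db_down_tests; unblock_port 25262
```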
















Loopback on my Android seems to be controlled using the Edge browser on a Win 7 laptop, not sure if it's updated to 10, but in all this is doing all the watching, reading, listening, and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE IT'S TOO LATE






answered 6 mins ago
Jeffrey O'Brien