How do you block a port on your loopback?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite
2












I am doing some testing and want to be able to test situations where my database goes down. Its running on the same box as my tests, and it appears that things like the following are not doing the trick



iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP


I am about to resort to killing my database process, move the file (because my database automatically comes back up on a crash), and let the test continue that way, but that seems like a terrible way to do it.



What is the right way to block a port on loopback?










share|improve this question





















  • Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
    – Jeff Schaller
    Mar 11 '16 at 1:09














up vote
3
down vote

favorite
2












I am doing some testing and want to be able to test situations where my database goes down. Its running on the same box as my tests, and it appears that things like the following are not doing the trick



iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP


I am about to resort to killing my database process, move the file (because my database automatically comes back up on a crash), and let the test continue that way, but that seems like a terrible way to do it.



What is the right way to block a port on loopback?










share|improve this question





















  • Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
    – Jeff Schaller
    Mar 11 '16 at 1:09












up vote
3
down vote

favorite
2









up vote
3
down vote

favorite
2






2





I am doing some testing and want to be able to test situations where my database goes down. Its running on the same box as my tests, and it appears that things like the following are not doing the trick



iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP


I am about to resort to killing my database process, move the file (because my database automatically comes back up on a crash), and let the test continue that way, but that seems like a terrible way to do it.



What is the right way to block a port on loopback?










share|improve this question













I am doing some testing and want to be able to test situations where my database goes down. Its running on the same box as my tests, and it appears that things like the following are not doing the trick



iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP


I am about to resort to killing my database process, move the file (because my database automatically comes back up on a crash), and let the test continue that way, but that seems like a terrible way to do it.



What is the right way to block a port on loopback?







networking iptables






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 11 '16 at 0:03









cylus

182




182











  • Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
    – Jeff Schaller
    Mar 11 '16 at 1:09
















  • Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
    – Jeff Schaller
    Mar 11 '16 at 1:09















Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
– Jeff Schaller
Mar 11 '16 at 1:09




Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
– Jeff Schaller
Mar 11 '16 at 1:09










2 Answers
2






active

oldest

votes

















up vote
4
down vote



accepted










Command line command to DROP all loopback traffic (lo0)



$ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


Explanation



Because iptables evaluates rules top to bottom and works on on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted to the top rather than -Aappended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match



INPUT -p tcp --dport 3306 ACCEPT


so if you did command:



$ [sudo] iptables -A INPUT --dport 25262 -i lo -j DROP
^^^ Notice the difference


your rules would look like this:



INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
INPUT --dport 25262 -i lo -j DROP


by running:



$ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


your final rules would look like:



INPUT --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
INPUT -p tcp --dport 3306 ACCEPT
... all your other rules





share|improve this answer






















  • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
    – cylus
    Mar 11 '16 at 12:44

















up vote
0
down vote













Loopback on.my android seems to be controlled using edge browser on win 7 laptop not sure if its update to 10 but in all this is doing all the watching reading listening and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE ITS TOO LATE





share








New contributor




Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f269052%2fhow-do-you-block-a-port-on-your-loopback%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    4
    down vote



    accepted










    Command line command to DROP all loopback traffic (lo0)



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    Explanation



    Because iptables evaluates rules top to bottom and works on on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted to the top rather than -Aappended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match



    INPUT -p tcp --dport 3306 ACCEPT


    so if you did command:



    $ [sudo] iptables -A INPUT --dport 25262 -i lo -j DROP
    ^^^ Notice the difference


    your rules would look like this:



    INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
    INPUT --dport 25262 -i lo -j DROP


    by running:



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    your final rules would look like:



    INPUT --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
    INPUT -p tcp --dport 3306 ACCEPT
    ... all your other rules





    share|improve this answer






















    • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
      – cylus
      Mar 11 '16 at 12:44














    up vote
    4
    down vote



    accepted










    Command line command to DROP all loopback traffic (lo0)



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    Explanation



    Because iptables evaluates rules top to bottom and works on on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted to the top rather than -Aappended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match



    INPUT -p tcp --dport 3306 ACCEPT


    so if you did command:



    $ [sudo] iptables -A INPUT --dport 25262 -i lo -j DROP
    ^^^ Notice the difference


    your rules would look like this:



    INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
    INPUT --dport 25262 -i lo -j DROP


    by running:



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    your final rules would look like:



    INPUT --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
    INPUT -p tcp --dport 3306 ACCEPT
    ... all your other rules





    share|improve this answer






















    • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
      – cylus
      Mar 11 '16 at 12:44












    up vote
    4
    down vote



    accepted







    up vote
    4
    down vote



    accepted






    Command line command to DROP all loopback traffic (lo0)



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    Explanation



    Because iptables evaluates rules top to bottom and works on on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted to the top rather than -Aappended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match



    INPUT -p tcp --dport 3306 ACCEPT


    so if you did command:



    $ [sudo] iptables -A INPUT --dport 25262 -i lo -j DROP
    ^^^ Notice the difference


    your rules would look like this:



    INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
    INPUT --dport 25262 -i lo -j DROP


    by running:



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    your final rules would look like:



    INPUT --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
    INPUT -p tcp --dport 3306 ACCEPT
    ... all your other rules





    share|improve this answer














    Command line command to DROP all loopback traffic (lo0)



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    Explanation



    Because iptables evaluates rules top to bottom and works on on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted to the top rather than -Aappended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match



    INPUT -p tcp --dport 3306 ACCEPT


    so if you did command:



    $ [sudo] iptables -A INPUT --dport 25262 -i lo -j DROP
    ^^^ Notice the difference


    your rules would look like this:



    INPUT -p tcp --dport 3306 ACCEPT ---> this "wins" and request is accepted
    INPUT --dport 25262 -i lo -j DROP


    by running:



    $ [sudo] iptables -I INPUT --dport 25262 -i lo -j DROP


    your final rules would look like:



    INPUT --dport 25262 -i lo -j DROP ---> this "wins" and request is DROP'ed
    INPUT -p tcp --dport 3306 ACCEPT
    ... all your other rules






    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Mar 11 '16 at 2:36

























    answered Mar 11 '16 at 2:19









    the_velour_fog

    5,15533356




    5,15533356











    • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
      – cylus
      Mar 11 '16 at 12:44
















    • Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
      – cylus
      Mar 11 '16 at 12:44















    Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
    – cylus
    Mar 11 '16 at 12:44




    Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
    – cylus
    Mar 11 '16 at 12:44












    up vote
    0
    down vote













    Loopback on.my android seems to be controlled using edge browser on win 7 laptop not sure if its update to 10 but in all this is doing all the watching reading listening and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE ITS TOO LATE





    share








    New contributor




    Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      up vote
      0
      down vote













      Loopback on.my android seems to be controlled using edge browser on win 7 laptop not sure if its update to 10 but in all this is doing all the watching reading listening and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE ITS TOO LATE





      share








      New contributor




      Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.



















        up vote
        0
        down vote










        up vote
        0
        down vote









        Loopback on.my android seems to be controlled using edge browser on win 7 laptop not sure if its update to 10 but in all this is doing all the watching reading listening and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE ITS TOO LATE





        share








        New contributor




        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        Loopback on.my android seems to be controlled using edge browser on win 7 laptop not sure if its update to 10 but in all this is doing all the watching reading listening and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE ITS TOO LATE






        share








        New contributor




        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        share


        share






        New contributor




        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered 6 mins ago









        Jeffrey O'Brien

        1




        1




        New contributor




        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        Jeffrey O'Brien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f269052%2fhow-do-you-block-a-port-on-your-loopback%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?