How do you block a port on your loopback?
I am doing some testing and want to be able to test situations where my database goes down. It's running on the same box as my tests, and it appears that things like the following are not doing the trick:
iptables -A INPUT -p tcp --dport 25262 -j DROP
iptables -A INPUT -p tcp --sport 25262 -j DROP
iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
iptables -A INPUT -p tcp --dport 25262 -s 127.0.0.1 -j DROP
I am about to resort to killing my database process, move the file (because my database automatically comes back up on a crash), and let the test continue that way, but that seems like a terrible way to do it.
What is the right way to block a port on loopback?
networking iptables
Your iptables commands are appending to the chain. Is there a previous rule that allows all lo traffic?
– Jeff Schaller
Mar 11 '16 at 1:09
asked Mar 11 '16 at 0:03
cylus
182
2 Answers
Accepted answer
Command line command to DROP all loopback traffic (lo0)
$ [sudo] iptables -I INPUT -p tcp --dport 25262 -i lo -j DROP
Explanation
Because iptables evaluates rules top to bottom and works on a "first match wins" basis, you need to make sure your -i lo DROP rule is -I inserted at the top rather than -A appended to the bottom of the rules, so it matches before another rule accepts the loopback traffic, e.g. if your DB was MySQL this rule might also match:
-A INPUT -p tcp --dport 3306 -j ACCEPT
so if you did command:
$ [sudo] iptables -A INPUT -p tcp --dport 25262 -i lo -j DROP
                  ^^^ Notice the difference
your rules would look like this:
-A INPUT -p tcp --dport 3306 -j ACCEPT            ---> this "wins" and request is accepted
-A INPUT -p tcp --dport 25262 -i lo -j DROP
by running:
$ [sudo] iptables -I INPUT -p tcp --dport 25262 -i lo -j DROP
your final rules would look like:
-A INPUT -p tcp --dport 25262 -i lo -j DROP       ---> this "wins" and request is DROP'ed
-A INPUT -p tcp --dport 3306 -j ACCEPT
... all your other rules
edited Mar 11 '16 at 2:36
answered Mar 11 '16 at 2:19
the_velour_fog
5,155
Thanks for the complete explanation! That actually did the trick. I need to read the man pages a little closer :/
– cylus
Mar 11 '16 at 12:44
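The ordering point the accepted answer makes is easy to get wrong again the next time a firewall script runs, so here is an added example (not code from the original answer or the asker) that packages the idea as a small fault-injection helper: it builds the rule with the `-p tcp` that `--dport` requires, uses REJECT with a TCP reset so the test client sees "connection refused" immediately instead of hanging on a DROP, and checks a rule listing to confirm the port rule precedes any "accept everything on lo" rule. Port 25262 comes from the question; the two `iptables -S INPUT` listings are constructed samples, and the helper names (`block_rule`, `apply_block`, `remove_block`, `rule_position`) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original answer. Simulates a "database down"
# condition on loopback for a test, verifies the rule sits where it must, and
# can undo it afterwards. Port 25262 is from the question; the listings below
# are constructed samples, not output captured from a real host.

DB_PORT=25262

# The rule to insert. "--dport" only works together with "-p tcp", which the
# one-liner in the accepted answer leaves out. REJECT with tcp-reset makes the
# client get "connection refused" at once, like a dead listener would; DROP
# leaves the client hanging until its connect timeout.
block_rule() {
    echo "INPUT -i lo -p tcp --dport $1 -j REJECT --reject-with tcp-reset"
}

# Insert at the top of INPUT (-I) so it wins over an earlier "-i lo -j ACCEPT".
# Needs root; intentionally not called at top level here.
apply_block() {
    iptables -I $(block_rule "$1")
}

# -D must repeat exactly the same match and target to find the rule again.
remove_block() {
    iptables -D $(block_rule "$1")
}

# Given the text of "iptables -S INPUT" ($2), report where the rule for port $1
# stands: "blocked" (it precedes any catch-all lo ACCEPT), "shadowed" (a lo
# ACCEPT comes first, so the rule never matches) or "absent".
rule_position() {
    port="$1"
    rules="$2"
    printf '%s\n' "$rules" | awk -v port="$port" '
        /-i lo -j ACCEPT/ && !seen_lo { seen_lo = NR }
        $0 ~ ("--dport " port "( |$)") && /-j (DROP|REJECT)/ && !seen_port { seen_port = NR }
        END {
            if (!seen_port) print "absent";
            else if (seen_lo && seen_lo < seen_port) print "shadowed";
            else print "blocked";
        }'
}

# Constructed listing: the usual "allow everything on lo" rule near the top,
# then the port rule appended with -A, as in the question.
APPENDED='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 25262 -j DROP'

# Same ruleset after inserting the port rule with -I instead.
INSERTED='-P INPUT ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 25262 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

echo "rule to apply: $(block_rule "$DB_PORT")"
echo "appended: $(rule_position "$DB_PORT" "$APPENDED")"   # shadowed
echo "inserted: $(rule_position "$DB_PORT" "$INSERTED")"   # blocked
```

On a live box the check is `rule_position "$DB_PORT" "$(iptables -S INPUT)"` right after `apply_block "$DB_PORT"`, and `remove_block "$DB_PORT"` at the end of the test so the rule does not outlive it. Matching on `-i lo` rather than `-s 127.0.0.1` also covers a client that connects to the host's own non-loopback address, since locally delivered traffic still goes over lo; a locally generated packet passes OUTPUT and then INPUT, so the INPUT chain is the right place for the rule.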
Answer (score 0)
Loopback on my android seems to be controlled using Edge browser on a Win 7 laptop, not sure if it's updated to 10, but in all this is doing all the watching, reading, listening, and she REALLY OUGHT TO JUST KNOCK IT ALL OFF BEFORE IT'S TOO LATE
answered 6 mins ago
Jeffrey O'Brien
1
New contributor