[ubuntu] Use iptables to only allow localhost to access a webserver



leegold
July 10th, 2011, 10:28 PM
Hi,

I have a web server installed on my Xubuntu 11.04 desktop. I use it for testing and learning. If I'm at a cafe I don't want anyone interacting with the server - which I assume they could when they know my IP.

Would this command only allow me to use the server on my laptop and prevent anyone else?

$ sudo iptables -A INPUT -s ! 127.0.0.1 -p http -j DROP

Thanks,

Lee G.

todort
July 11th, 2011, 08:14 AM
Please check:

http://oktopot.net/blog/2011/05/firewall-for-linux-developers/

Lars Noodén
July 11th, 2011, 08:33 AM
Also you may want to use the target REJECT (http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject) instead of DROP. That will make diagnosis easier.

SeijiSensei
July 11th, 2011, 02:27 PM
Why don't you just bind the server to localhost? In Apache, it would be a Listen directive:


Listen 127.0.0.1:80

and similarly for NameVirtualHost


NameVirtualHost 127.0.0.1:80

You'll need to use


<VirtualHost 127.0.0.1:80>

in the vhost definitions rather than "*:80".

CharlesA
July 11th, 2011, 07:10 PM
+1 to binding Apache to localhost.

You could also firewall it, but if it's not listening for connections on the external interface, there would be no need to firewall it.
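
Added example, not part of the original thread: a shell check that confirms the point made above, that after binding to 127.0.0.1 nothing is listening on an external interface. The function name exposed_listeners and both sample listings are constructed for illustration; the input is assumed to be in the column layout printed by `ss -ltn`.

```shell
#!/bin/sh
# exposed_listeners PORT
# Reads `ss -ltn` style output on stdin and prints every local address that
# listens on PORT and is NOT a loopback address. Empty output means the port
# is reachable only from the machine itself.
exposed_listeners() {
    awk -v port="$1" '
        # Newer ss prints a State column first; older versions omit it.
        $1 == "LISTEN"      { laddr = $4 }
        $1 ~ /^[0-9]+$/     { laddr = $3 }
        $1 != "LISTEN" && $1 !~ /^[0-9]+$/ { next }   # header or other text
        {
            n = match(laddr, /:[0-9]+$/)    # port follows the last colon
            if (!n) next
            addr = substr(laddr, 1, n - 1)
            p    = substr(laddr, n + 1)
            if (p != port) next
            sub(/%.*$/, "", addr)           # drop scope, e.g. 127.0.0.53%lo
            sub(/^\[/, "", addr)            # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print laddr                     # wildcard or external bind
        }'
}

# Constructed sample: default "Listen 80" (wildcard bind, IPv4 and IPv6).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*'

# Constructed sample: after changing the config to "Listen 127.0.0.1:80".
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

echo "wildcard bind, exposed on port 80:"
printf '%s\n' "$SAMPLE_WILDCARD" | exposed_listeners 80
echo "loopback bind, exposed on port 80:"
printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_listeners 80

# On a live system: ss -ltn | exposed_listeners 80
```
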