Results 1 to 5 of 5

Thread: Use iptables to only allow localhost to access a webserver

  1. #1
    Join Date
    Dec 2007
    Beans
    51

    Use iptables to only allow localhost to access a webserver

    Hi,

    I have a web server installed on my Xubuntu 11.04 desktop. I use it for testing and learning. If I'm at a cafe I don't want anyone interacting with the server - which I assume they could when they know my ip.

    Would this command only allow me to use the server on my laptop and prevent anyone else?

    $ sudo iptables -A INPUT -s ! 127.0.0.1 -p http -j DROP

    Thanks,

    Lee G.

  2. #2
    Join Date
    Jul 2011
    Beans
    1

    Re: Use iptables to only allow localhost to access a webserver


  3. #3
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    DROP vs REJECT

    Also you may want to use the target REJECT instead of DROP. That will make diagnosis easier.

  4. #4
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    11,652
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Use iptables to only allow localhost to access a webserver

    Why don't you just bind the server to localhost? In Apache, it would be a Listen directive:

    Code:
    Listen 127.0.0.1:80
    and similarly for NameVirtualHosts

    Code:
    NameVirtualHosts 127.0.0.1:80
    You'll need to use

    Code:
    <VirtualHost 127.0.0.1:80>
    in the vhost definitions rather than "*:80".

  5. #5
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Use iptables to only allow localhost to access a webserver

    +1 to binding apache to localhost.

    You could also firewall it, but if it's not listening for connections on the external interface, there would be no need to firewall it.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •