
Blocking port 8080

The Linux firewall can be managed using the iptables command. I set up Tomcat with the Apache web server in front using mod_jk2, but Tomcat was still accessible on port 8080. To disable direct access to port 8080, I executed the following command:

iptables -A INPUT -p tcp --dport 8080 -j REJECT

You can review the above rule and any other existing rules as follows:

iptables -L -n --line-numbers

If you later want to undo or remove a rule, use the above command to find the line number of the rule. Sample output from the previous command looks like this:

Chain INPUT (policy DROP)
num target prot opt source destination
1 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `NEW NOT SYN: '
2 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW
3 DROP tcp -- 207.46.249.190 0.0.0.0/0 tcp
4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1214
5 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1214
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68

Now, let's say you want to remove the rule at line number 3. Use -D (delete) with the chain name and the rule number; -R replaces a rule and requires a new rule specification.

iptables -D INPUT 3

For more details, look at this quick HowTo guide.
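The following script is an added example, not part of the original post. iptables stops at the first matching rule, so a REJECT appended with -A below a match-everything ACCEPT never fires; the script checks a listing for that case and prints delete commands by rule number. The listing is a constructed sample, and `check_block` and `delete_cmds` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output: the REJECT
# for port 8080 was appended (-A) below a rule that accepts everything.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1214
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 reject-with icmp-port-unreachable
EOF
}

# check_block PORT (hypothetical helper): reads a listing on stdin and, for each
# REJECT/DROP rule on tcp dpt:PORT, prints "<num> effective" or
# "<num> shadowed-by <n>", where <n> is an earlier ACCEPT with no match fields.
# Assumption: the listing has no -v columns, so an ACCEPT limited to one
# interface (e.g. loopback) looks identical; confirm a hit with `iptables -S INPUT`.
check_block() {
    awk -v port="$1" '
        $1 !~ /^[0-9]+$/ { next }    # skip chain header and column titles
        $2 == "ACCEPT" && $3 == "all" && NF == 6 &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" {
            if (!accept_all) accept_all = $1
            next
        }
        ($2 == "REJECT" || $2 == "DROP") && $3 == "tcp" {
            for (i = 7; i <= NF; i++)
                if ($i == ("dpt:" port)) {
                    if (accept_all) print $1, "shadowed-by", accept_all
                    else print $1, "effective"
                }
        }
    '
}

# delete_cmds PORT (hypothetical helper): prints, without running them, the
# delete commands for those rules, highest number first, because removing a
# rule renumbers every rule after it.
delete_cmds() {
    check_block "$1" | awk '{ print $1 }' | sort -rn | sed 's/^/iptables -D INPUT /'
}

sample_listing | check_block 8080    # prints: 3 shadowed-by 2
```

When a rule is reported as shadowed, insert it ahead of the ACCEPT instead of appending it; for the sample above that would be `iptables -I INPUT 2 -p tcp --dport 8080 -j REJECT`.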
