How to block all incoming requests through one network interface?
If you really want to block all incoming traffic from the WAN (or Internet), you can simply add a rule like the following:
$ iptables -A INPUT -i eth0 -j DROP
assuming eth0 is the WAN interface. This is enough to block all incoming traffic. However, you need to allow all related/established connections to be able to request some service from the WAN/Internet. So, you need a rule like:
$ iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Of course the ACCEPT rule should be added before the DROP rule. Doing so will prevent you from hosting any service within your network.
iptables -A FORWARD -i eth0 -j DROP
will not block incoming traffic. You should add a rule on the INPUT chain, e.g.:
iptables -A INPUT -i eth0 -j DROP
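As an added example (not part of either answer above), a small POSIX shell script that installs the two INPUT rules in the order the first answer requires, and an audit function that reads `iptables -S INPUT` output and reports when the WAN DROP has ended up before the stateful ACCEPT. It assumes eth0 is the WAN interface; the IPT variable is an assumption of this script so the rules can be dry-run with IPT=echo.

```shell
#!/bin/sh
# Added example, not taken from the answers above. Assumes eth0 is the WAN
# interface. IPT names the command to run; set IPT=echo to dry-run and see
# the rules without touching the live firewall.
IPT="${IPT:-iptables}"

# Append the answer's two INPUT rules (not FORWARD, which only affects
# routed traffic). The stateful ACCEPT must come first: iptables stops at
# the first matching rule, so a DROP placed earlier would also discard
# replies to connections the host itself opened.
apply_wan_lockdown() {
    wan_if="${1:-eth0}"
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i "$wan_if" -j DROP
}

# Audit an existing chain: feed the output of `iptables -S INPUT` on stdin.
# Newer iptables prints "-m state" rules as "-m conntrack --ctstate", so
# both spellings are recognised. Exit status: 0 when ACCEPT precedes the
# WAN DROP, 1 when the DROP comes first, 2 when either rule is missing.
check_input_order() {
    wan_if="${1:-eth0}"
    accept_pos="" drop_pos="" n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"|\
            "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT")
                if [ -z "$accept_pos" ]; then accept_pos=$n; fi ;;
            "-A INPUT -i $wan_if -j DROP")
                if [ -z "$drop_pos" ]; then drop_pos=$n; fi ;;
        esac
    done
    if [ -z "$accept_pos" ] || [ -z "$drop_pos" ]; then return 2; fi
    [ "$accept_pos" -lt "$drop_pos" ]
}

# Run as "sh lockdown.sh apply [iface]" to install the rules; without
# arguments the file only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_wan_lockdown "${2:-eth0}"
fi
```

To audit a live box: `iptables -S INPUT | sh -c '. ./lockdown.sh; check_input_order eth0'` and inspect the exit status.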