How to configure iptables so an unwanted port is not reported as filtered

security linux tcpip iptables tcp

Solution 1:

Don't use DROP, that's easily identified as "filtered" if you know the box is up. Instead, you may use the following to send a RST. (as if there is a service listening, but it doesn't accept connections from you)

-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset

Or otherwise simply use the following to make the port look closed. (as if there is no service listening on it)

-A INPUT -p tcp -m tcp --dport 22 -j REJECT

Solution 2:

-A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with tcp-reset

should be doing what you want (reply with RST).

Related

CNAME with S3 buckets
Connecting to PostgreSQL with SSL using OpenSSL s_client
Is it safe to write data to a RAID 6 while it's rebuilding?
Does UPS Rack Position Matter
How to make the task scheduler display the cmd shell when invoking a batch file?
Why use chef-solo on a single instance?
How to find all filenames with given extension
How to find files that don't contain a given search string
Security Admins toolkit? What's in yours? [closed]
Is there such a thing as a signed SSH keypair?
MySQL 5.1 or 5.5?
SMB claimed to be "slow"