How to block 111 udp port via iptables?

Question

I've got an issue related to block 111 port only for udp. For tcp it was blocked without any problem. This port is used by application rpcbind. I test it via netcat. This is my iptables. It contains empty chain FORWARD, because I've removed all rules from it for easy understanding.

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       udp  --  anywhere             anywhere             udp dpt:sunrpc
2    DROP       tcp  --  anywhere             anywhere             tcp dpt:sunrpc

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DOCKER-OVERLAY  all  --  anywhere             anywhere

Chain DOCKER (0 references)
num  target     prot opt source               destination

Chain DOCKER-ISOLATION (0 references)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             anywhere
2    DROP       all  --  anywhere             anywhere
3    RETURN     all  --  anywhere             anywhere

Chain DOCKER-OVERLAY (1 references)
num  target     prot opt source               destination

This port will be opened for set of server but they don't exist in iptables right now for easy understanding too. What must I do for blocking 111 port over udp?

Answer 1

Depending on how nice you want to be to the client, a possible solution can be:

iptables -I INPUT -p udp  --dport 111 -j DROP

or

iptables -I INPUT -p udp  --dport 111 -j REJECT