I have a CentOS server and use it to host web systems with LAMP. The server owners are complaining that we are sending abnormal TCP requests to an external server.

How can we block these types of requests?

Can we use an iptables rule for this?

Here is the log of the external server:

start log

Bruteforce to port 22 from ip 213.136.X.X

2018-06-03 11:08:38 block TCP from 213.136.X.X to 5.101.72.XXX:22

2018-06-03 11:03:24 block TCP from 213.136.X.X to 5.101.72.XXX:22

2018-06-03 10:47:41 block TCP from 213.136.X.X to 5.101.78.XXX:22

end log

Sathiska
  • If your server is the source of the unusual TCP connections, you should check it on your side instead of just blocking it. – deagh Jun 06 '18 at 07:07

1 Answer

First of all, look into your system; it might be compromised, or maybe some service is malfunctioning. The last thing you can do is create an iptables rule for blocking packets to a specific IP.

Sample rule: iptables -A OUTPUT -d {IP-HERE} -j DROP

In your case: iptables -A OUTPUT -d 5.101.78.XXX -j DROP

Then run service iptables save
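
To check the server itself, as the comment and the answer advise, it helps to see which local process is opening the connections to port 22. The following is an added example, not part of the original answer: the function name `ssh_out_by_process` and the sample `ss -tnp` output (documentation addresses, invented PIDs) are constructed for illustration.

```shell
#!/bin/sh
# Summarise outbound connections to remote port 22 per local process,
# reading `ss -tnp` output on stdin.
# Output columns: connections, distinct peers, process name, pid.
ssh_out_by_process() {
    awk '
        $1 == "State" { next }                  # skip the header line
        $5 ~ /:22$/ && $4 !~ /:22$/ {           # peer port is 22, local port is not
            proc = "unknown"                    # no users:() column when not root
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                proc = substr($0, RSTART + 9, RLENGTH - 9)   # name",pid=N
                sub(/",pid=/, " pid=", proc)
            }
            conns[proc]++
            if (!((proc, $5) in seen)) { seen[proc, $5] = 1; peers[proc]++ }
        }
        END { for (p in conns) printf "%d %d %s\n", conns[p], peers[p], p }
    ' | sort -rn
}

# Constructed sample of `ss -tnp` output (not taken from the question).
SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      192.0.2.10:22      203.0.113.5:51514  users:(("sshd",pid=1201,fd=3))
SYN-SENT 0      1      192.0.2.10:48122   198.51.100.7:22    users:(("perl",pid=4312,fd=5))
SYN-SENT 0      1      192.0.2.10:48124   198.51.100.9:22    users:(("perl",pid=4312,fd=6))
ESTAB    0      0      192.0.2.10:48130   198.51.100.7:22    users:(("perl",pid=4312,fd=7))
ESTAB    0      0      192.0.2.10:80      203.0.113.9:40022  users:(("httpd",pid=2210,fd=9))
ESTAB    0      0      192.0.2.10:50110   198.51.100.20:22   users:(("ssh",pid=5120,fd=3))'

# Run over the sample; on the live host use: ss -tnp | ssh_out_by_process
printf '%s\n' "$SAMPLE_SS" | ssh_out_by_process
```

Run `ss -tnp` as root so the process column is populated. A process that is not an SSH client and has many connections to many distinct peers on port 22 is the one to investigate before relying on an OUTPUT rule.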