Please help with port allow rule

Discussion in 'Tomato Firmware' started by Leadbottom, Aug 3, 2008.

  1. Leadbottom

    Leadbottom Addicted to LI Member

    I just moved to Tomato from ISA Server. Wow, QOS is great.
    I am making progress getting everything working, but I've never used IPTables before.

    I need to have a server completely blocked from the Internet, EXCEPT allow NTP.

    NTP: udp port 123.
    LAN server address is
    The NTP server it needs to access is (fictional)

    I did a block-everything rule in the gui, but I haven't been able to figure out how to form the rule for IPTables to allow this port through to the server, or where to put it. (Firewall script?).

    If anyone could kickstart me going, I would really appreciate your help.
  2. wdca

    wdca LI Guru Member

    iptables -A FORWARD -s -p udp --dport 123 -j ACCEPT
    iptables -A FORWARD -s -j DROP
    ??? Admin->scripts>firewall
  3. Leadbottom

    Leadbottom Addicted to LI Member

    Thank you

    That didn't immediately work, but I think I figured out why.
    I changed it to this:

    iptables -I FORWARD -s -j DROP
    iptables -I FORWARD -s -p udp --dport 123 -j ACCEPT

    Thanks a lot. That really pointed me in the right direction.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice