Will iptables block connections from the local host?

If you add the following rule to iptables,

iptables -A INPUT -p tcp --dport 1234 -j DROP

the firewall will block connections to port 1234 from remote computers. I wonder if iptables can also block connections from the local machine. To test whether you can connect to a specified port on a host, you should use telnet, which is not installed on CentOS by default. Install it first:

yum install telnet

The command to test the connectivity of an IP address/port combination is:

telnet xx.xx.xx.xx port

If no program on the server is listening on the port (but the port is not blocked by the firewall), the output of the command is:

telnet: connect to address xx.xx.xx.xx: Connection refused

If the port is blocked by the firewall, the output of telnet is:

telnet: connect to address xx.xx.xx.xx: Connection timed out

If the port is open and not blocked, the output is:

Escape character is '^]'.

I use telnet to connect to localhost (or 127.0.0.1) on a specific port and find that the firewall also takes effect for local connections. That is to say, if you block a port, neither a connection from a remote server nor a connection from the local computer can succeed.

By the way, do not use the ssh command to test the connectivity.

ssh root@127.0.0.1 -p 1234

will not produce anything even if port 1234 is open and not blocked.
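
The three telnet outcomes above (refused, timed out, connected) can also be told apart without installing telnet. The following Python sketch is an added example, not part of the original post; the function names `probe` and `loopback_demo` and the 3-second timeout are assumptions chosen for illustration.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt like the telnet messages above."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except (socket.timeout, TimeoutError):
        # No answer at all: what a DROP rule looks like from the client.
        return "timed out"
    except ConnectionRefusedError:
        # A reset came back: the port is not filtered, nothing is listening.
        return "refused"
    except OSError as exc:
        # Anything else (e.g. unreachable network) is reported by errno name.
        return "error: " + errno.errorcode.get(exc.errno, str(exc))
    else:
        return "open"
    finally:
        sock.close()


def loopback_demo():
    """Probe a constructed listener on 127.0.0.1, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script HOST PORT, e.g. 127.0.0.1 1234
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        print(loopback_demo())
```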
