Iptables – How to block 111 udp port via iptables


I've got an issue related to blocking port 111 only for UDP. For TCP it was blocked without any problem. This port is used by the application rpcbind. I test it via netcat. This is my iptables. It contains an empty chain FORWARD, because I've removed all rules from it for easier understanding.

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       udp  --  anywhere             anywhere             udp dpt:sunrpc
2    DROP       tcp  --  anywhere             anywhere             tcp dpt:sunrpc

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DOCKER-OVERLAY  all  --  anywhere             anywhere

Chain DOCKER (0 references)
num  target     prot opt source               destination

Chain DOCKER-ISOLATION (0 references)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             anywhere
2    DROP       all  --  anywhere             anywhere
3    RETURN     all  --  anywhere             anywhere

Chain DOCKER-OVERLAY (1 references)
num  target     prot opt source               destination

This port will be opened for a set of servers, but they don't exist in iptables right now, also for easier understanding.
What must I do to block port 111 over UDP?

Best Answer

Depending on how nice you want to be to the client, a possible solution can be:

iptables -I INPUT -p udp  --dport 111 -j DROP

or

iptables -I INPUT -p udp  --dport 111 -j REJECT
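As an added example (not part of the answer above), the following shell snippet checks whether an INPUT rule already covers UDP destination port 111 and which target (DROP or REJECT) it uses, by parsing the rule-save form `iptables -S INPUT`; the rule listing it parses is constructed to mirror the question's table, and the `udp111_policy` function name is my own.

```shell
#!/bin/sh
# Constructed sample of "iptables -S INPUT" output mirroring the question's
# listing (dpt:sunrpc is port 111). On a live host, replace it with
# "$(iptables -S INPUT)" as shown at the bottom.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 111 -j DROP
-A INPUT -p tcp -m tcp --dport 111 -j DROP'

# udp111_policy RULES
#   Prints the jump target (DROP, REJECT, ...) of the first INPUT rule that
#   matches UDP with destination port 111, or NONE if no such rule exists.
udp111_policy() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-p udp/ && /--dport 111( |$)/ {
            for (i = 1; i <= NF; i++)
                if ($i == "-j") { print $(i + 1); found = 1; exit }
        }
        END { if (!found) print "NONE" }'
}

# Why the target matters when testing with netcat: UDP has no handshake, so
# with DROP the client never gets a reply and "nc -u" looks as if it worked;
# with REJECT the kernel answers with ICMP port-unreachable and "nc -zvu"
# can report the port as closed. Neither changes whether rpcbind is reached.
udp111_policy "$SAMPLE_RULES"   # prints: DROP

# Live check, only when running as root with iptables available.
if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    udp111_policy "$(iptables -S INPUT)"
fi
```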