I have an Elastic Search server which seems to have been exploited (it's being used for a DDoS attack having had NO firewall for about a month). As a temporary measure while I create a new one I was hoping to block all traffic to and from the server which wasn't coming from or going to our web server. Will these iptables rules achieve this: iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 9200 -j DROP iptables -P FORWARD \! --src 1.2.3.4 DROP iptables -P OUTPUT \! --src 1.2.3.4 DROP The first rule is tried and tested but obviously wasn't preventing traffic coming from my server to other IP addresses so I was hoping I could add the second two rules to full secure it.