开发者

iptables block access to port 8000 except from IP address

开发者 https://www.devze.com 2023-04-05 11:26 出处:网络
I\'ve never used iptables, and the documentation online 开发者_C百科seems a bit opaque. I\'d like to block all requests to port 8000 on my server except those coming from a specific IP address. How d

I've never used iptables, and the documentation online 开发者_C百科seems a bit opaque.

I'd like to block all requests to port 8000 on my server except those coming from a specific IP address. How do I do that using iptables?


This question should be on Server Fault. Nevertheless, the following should do the trick, assuming you're talking about TCP and the IP you want to allow is 1.2.3.4:

iptables -A INPUT -p tcp --dport 8000 -s 1.2.3.4 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP


Another alternative is;

sudo iptables -A INPUT -p tcp --dport 8000 -s ! 1.2.3.4 -j DROP

I had similar issue that 3 bridged virtualmachine just need access eachother with different combination, so I have tested this command and it works well.

Edit**

According to Fernando comment and this link exclamation mark (!) will be placed before than -s parameter:

sudo iptables -A INPUT -p tcp --dport 8000 ! -s 1.2.3.4 -j DROP


You can always use iptables to delete the rules. If you have a lot of rules, just output them using the following command.

iptables-save > myfile

vi to edit them from the commend line. Just use the "dd" to delete the lines you no longer want.

iptables-restore < myfile and you're good to go.  

REMEMBER THAT IF YOU DON'T CONFIGURE YOUR OS TO SAVE THE RULES TO A FILE AND THEN LOAD THE FILE DURING THE BOOT THAT YOUR RULES WILL BE LOST.

0

精彩评论

暂无评论...
验证码 换一张
取 消