iptables
Maxim, 2020-12-11 12:21:22

How to configure iptables to access a site from only one address?

I am unable to configure access to the FreePBX panel for only one IP address:
-A INPUT -s XXX.XXX.XXX.XXX/32 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 80 -s XXX.XXX.XXX.XXX/32 -j ACCEPT
-A INPUT -p tcp --dport 80 -j DROP

CentOS 7.
With these settings, no one has access.
As soon as I comment out the 3rd line, everything works from any address.
The IP is correct.
Similar settings work on CentOS 6.
The difference: where it works, the site has no certificate; where it does not work, the site has a certificate.


2 answer(s)
Maxim, 2020-12-12
@Maxim1984

Found this in the nginx logs:
2020/12/11 14:39:18 [error] 32589#0: *1556 upstream timed out (110: Connection timed out) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: pbx.xxx.ru, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:80/", host: "pbx.xxx.ru"
I understood that there was no response from localhost.
I added a rule:
-A INPUT -p tcp -s 127.0.0.1/32 -j ACCEPT
It worked.
Now it only allows IPs that have access on ports 443 and 80.

Mikhail Nosov, 2020-12-11
@Mihalich88

Try replacing port 80 with 443.
Better yet, add 2 more rules for port 443.
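
The rule evaluation behind both answers, as an added example (not code from the thread): a small first-match model of the INPUT chain that shows why nginx's connection to its upstream at 127.0.0.1:80 hits the DROP rule, and why rules that name only port 80 leave port 443 to the chain policy. The address 203.0.113.10, the ACCEPT policy and the position of the loopback rule are assumptions; the thread masks the IP and shows neither the policy nor where the rule was placed.

```python
from ipaddress import ip_address, ip_network

ADMIN = "203.0.113.10"   # constructed stand-in for the masked XXX.XXX.XXX.XXX
POLICY = "ACCEPT"        # assumed INPUT chain policy (not shown in the thread)

ORIGINAL = [             # the three rules from the question
    f"-A INPUT -s {ADMIN}/32 -j ACCEPT",
    f"-A INPUT -m tcp -p tcp --dport 80 -s {ADMIN}/32 -j ACCEPT",
    "-A INPUT -p tcp --dport 80 -j DROP",
]
# The loopback rule from the first answer. It is modelled ahead of the DROP
# (assumption): placed after it, port 80 traffic would never reach the rule.
FIXED = ["-A INPUT -p tcp -s 127.0.0.1/32 -j ACCEPT"] + ORIGINAL

def parse(rule):
    """Parse the option/value pairs used in the thread's rules."""
    tok = rule.split()
    opts = dict(zip(tok[::2], tok[1::2]))
    port = int(opts["--dport"]) if "--dport" in opts else None
    return ip_network(opts.get("-s", "0.0.0.0/0")), opts.get("-p"), port, opts["-j"]

def verdict(rules, src, dport, proto="tcp"):
    """First matching rule wins; unmatched packets get the chain policy."""
    for rule in rules:
        net, p, port, target = parse(rule)
        if ip_address(src) in net and p in (None, proto) and port in (None, dport):
            return target, rule
    return POLICY, "policy"

# Constructed sample packets: (description, source address, destination port)
PACKETS = [
    ("admin browser -> nginx", ADMIN, 443),
    ("nginx -> upstream on loopback", "127.0.0.1", 80),
    ("other host -> port 80", "198.51.100.7", 80),
    ("other host -> port 443", "198.51.100.7", 443),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with loopback rule", FIXED)):
        print(f"== {name} ==")
        for label, src, dport in PACKETS:
            target, why = verdict(rules, src, dport)
            print(f"{label:32} {target:6} via {why}")
```

In both rulesets the last sample packet falls through to the policy, so restricting the HTTPS listener needs its own ACCEPT and DROP pair for port 443.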
