How to filter INPUT and OUTPUT by IP list (White List) in iptables?
There is a Linux (Ubuntu) server; on the server I need to filter requests by an IP list (iplist.txt), more precisely, pass all outgoing and incoming traffic according to iplist.txt (the IP list) and block the rest! Thanks in advance! I found something on the Internet and somehow redid it, but it just didn't work out ((
#!/bin/bash
# Bad-IP blacklist script (the one found on the Internet). Note that it DROPs
# the addresses listed in the file and lets everything else through, which is
# the opposite of the allow-list asked for above.
_input=/root/firewall/badips.db
_pub_if="eth1"
IPT=/sbin/iptables
[ ! -f "$_input" ] && { echo "$0: File $_input not found."; exit 1; }
# Default policies: drop whatever no rule accepts. If this runs over SSH,
# incoming packets are dropped until the state rule below is added.
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A OUTPUT -o "${_pub_if}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i "${_pub_if}" -m state --state ESTABLISHED,RELATED -j ACCEPT
# One LOG + DROP pair per listed address, in a dedicated chain.
$IPT -N droplist
# Read the list file directly, skipping comments and blank lines (the original
# piped a file literally named "x" while also redirecting stdin from $_input,
# so the loop never saw the real list).
grep -Ev '^#|^$' "$_input" | while IFS= read -r ip
do
    $IPT -A droplist -i "${_pub_if}" -s "$ip" -j LOG --log-prefix " Drop Bad IP List "
    $IPT -A droplist -i "${_pub_if}" -s "$ip" -j DROP
done
# Insert the chain at the top so it is checked before the ACCEPT rules.
# "-i" matches only the incoming interface, so the OUTPUT hook never
# matches anything; only INPUT and FORWARD are affected.
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist
# Rate-limited log of whatever falls through, then an explicit drop.
$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
$IPT -A INPUT -j DROP
Create a white list in ipset.
Set the default policy for the chains: deny everything.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Allow entry and exit for the white list.
iptables -A INPUT -m set --match-set WHITE_LIST src -j ACCEPT
iptables -A OUTPUT -m set --match-set WHITE_LIST dst -j ACCEPT
Wrote this right here, so check the documentation first ;)
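As an added example, not code from the question or from the answer above: a bash script that does what the answer sketches, loading the allow-list into an ipset and matching it with the set match in both directions. Assumed, since the page does not say: the list lives at /root/firewall/iplist.txt (the questioner's file name under the directory used by their script), the set is named WHITE_LIST as in the answer, the list is IPv4 only, and the `ipset` and `iptables` packages are installed. The function names (`parse_iplist`, `render_ipset_restore`, `render_iptables_rules`, `apply_whitelist`) and the `APPLY_WHITELIST` switch are this example's own.

```shell
#!/bin/bash
# Added example: ipset-backed IPv4 allow-list for iptables.
# Assumed paths and names; nothing here comes from the original post.
IPLIST="${IPLIST:-/root/firewall/iplist.txt}"   # assumed list location
SETNAME="${SETNAME:-WHITE_LIST}"                 # set name from the answer
BACKUP="${BACKUP:-/root/firewall/iptables.before}"  # assumed backup path

# Accept "a.b.c.d" or "a.b.c.d/n" with every octet <= 255 and n <= 32.
valid_ipv4_cidr() {
    local ip plen old_ifs o
    case "$1" in
        */*) ip="${1%/*}"; plen="${1#*/}" ;;
        *)   ip="$1";      plen=32 ;;
    esac
    echo "$ip"   | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    echo "$plen" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "$plen" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# Print the usable entries of a list file, one per line: comments (# ...)
# and blank lines are dropped, malformed entries are reported on stderr
# and skipped rather than aborting the whole load.
parse_iplist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if valid_ipv4_cidr "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Emit an "ipset restore" script that fills a temporary set and swaps it
# into place, so reloading never leaves a window with an empty allow-list.
render_ipset_restore() {
    printf 'create %s hash:net family inet\n' "$SETNAME"
    printf 'create %s_tmp hash:net family inet\n' "$SETNAME"
    printf 'flush %s_tmp\n' "$SETNAME"
    parse_iplist "$1" | while IFS= read -r entry; do
        printf 'add %s_tmp %s\n' "$SETNAME" "$entry"
    done
    printf 'swap %s_tmp %s\n' "$SETNAME" "$SETNAME"
    printf 'destroy %s_tmp\n' "$SETNAME"
}

# Emit the filter table in iptables-restore format: default DROP, loopback
# and established traffic allowed, new connections only to/from the set.
render_iptables_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections that already passed the allow-list
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections only from / to addresses in the set
-A INPUT -m set --match-set $SETNAME src -j ACCEPT
-A OUTPUT -m set --match-set $SETNAME dst -j ACCEPT
# log a sample of what the DROP policy is about to discard
-A INPUT -m limit --limit 5/minute --limit-burst 7 -j LOG --log-prefix "WL in drop: "
-A OUTPUT -m limit --limit 5/minute --limit-burst 7 -j LOG --log-prefix "WL out drop: "
COMMIT
EOF
}

# Load the set first (the rules reference it), then the rules atomically.
# -exist lets "create" succeed when the set already exists from a previous run.
apply_whitelist() {
    [ -f "$IPLIST" ] || { echo "$0: list $IPLIST not found" >&2; return 1; }
    iptables-save > "$BACKUP"
    render_ipset_restore "$IPLIST" | ipset -exist restore
    render_iptables_rules | iptables-restore
}

# Only touch the live firewall when explicitly asked; otherwise just show
# what would be loaded.
if [ "${APPLY_WHITELIST:-0}" = "1" ]; then
    apply_whitelist
else
    [ -f "$IPLIST" ] && render_ipset_restore "$IPLIST"
    render_iptables_rules
fi
```

Run it as root with `APPLY_WHITELIST=1 ./whitelist.sh` after reviewing the printed output; rerunning it only swaps the set, so edits to iplist.txt take effect without reloading the rules. Before applying, put your own admin address and the DNS resolvers the server uses into the list, otherwise you lock yourself out and outbound name resolution stops; `$BACKUP` holds the previous ruleset for `iptables-restore`. This covers IPv4 only: if IPv6 is enabled on the interface, ip6tables is untouched and its default ACCEPT policy bypasses the allow-list, so either disable IPv6 or apply equivalent ip6tables rules.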