linux
CeBePHblY, 2016-03-31 16:19:25

Iptables bans those on the whitelist. How to fix?

There are IPs in the whitelist, and access needs to be denied to everyone EXCEPT those who are in the whitelist. I write it like this:

sudo iptables -A INPUT -m set ! --match-set whitelist src -j DROP

The rule is processed without errors, but it does the opposite: it bans everyone WHO is in the whitelist.
I tried to put ! before whitelist, and the rule throws an error.


3 answer(s)
littleguga, 2016-03-31
@CeBePHblY

If you want to disable everything except the whitelist, then first
DROP ALL
And then iptables -A INPUT -m set ! --match-set whitelist src -j ACCEPT
What you are doing now is denying access to those who are in the whitelist (since DROP is at the end of the command).
Look up / google the manuals on this topic (the first 3 links in Google for: iptables allow only whitelist)

1001001, 2016-03-31
@1001001

Probably -j ACCEPT, if you want to allow rather than deny.

Oleg Batalov, 2016-04-01
@badmilkman

iptables -A INPUT -m set --set whitelist src -j ACCEPT
iptables -A INPUT -j REJECT
do not use "!"
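
The accept-then-reject ordering from this answer as a dry-run script, added here as an example and not posted by anyone in the thread. It uses the `--match-set` spelling from the question and DROP as the catch-all; the addresses, the loopback and conntrack rules, the `APPLY_RULES` switch and the `order_ok` check are assumptions of the example.

```shell
#!/bin/sh
# Added example. Set name "whitelist" is from the thread; the addresses are
# constructed documentation addresses (RFC 5737).
WHITELIST_IPS="192.0.2.10 198.51.100.7"

# Emit the commands in the order they must reach the INPUT chain.
build_rules() {
    echo "ipset create whitelist hash:ip -exist"
    for ip in $WHITELIST_IPS; do
        echo "ipset add whitelist $ip -exist"
    done
    # Assumption beyond the thread: keep loopback and replies to
    # connections this host opened, so the final DROP does not cut them.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -m set --match-set whitelist src -j ACCEPT"
    echo "iptables -A INPUT -j DROP"
}

# Read rule commands on stdin; succeed only if the whitelist ACCEPT exists
# and sits above the first catch-all DROP/REJECT (first match wins).
order_ok() {
    awk '
        /--match-set whitelist src -j ACCEPT$/   { if (!a) a = NR }
        /^iptables -A INPUT -j (DROP|REJECT)$/    { if (!d) d = NR }
        END { exit !(a && d && a < d) }'
}

if [ "${APPLY_RULES:-0}" = 1 ]; then      # applying needs root
    build_rules | order_ok || { echo "catch-all precedes whitelist" >&2; exit 1; }
    build_rules | sh -e
else
    build_rules                            # dry run: print only
fi
```

Because `-A` appends, check `iptables -L INPUT -n --line-numbers` before applying: a DROP left in the chain from an earlier attempt stays above the new ACCEPT rule.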
