iptables
cy-ernado, 2014-07-09 13:16:35

iptables: how to allow connections on specific ports only from certain IPs via a chain?

There are host1 and host2, and connections on ports 27010:27100 are made between them. It is necessary to forbid connecting to these ports for everyone except host1 and host2.
My default policy is to allow everything that is not prohibited. Here is how I tried to implement it:

Chain mongo (2 references)
target     prot opt source               destination         
ACCEPT     all  --  host1        anywhere            
ACCEPT     all  --  host2        anywhere            
ACCEPT     all  --  anywhere             anywhere             source IP range 172.17.0.0-172.17.255.255
DROP       all  --  anywhere             anywhere

(172.17.0.0-172.17.255.255 are addresses from which requests should also be allowed, but they arrive on a different interface)
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
mongo      tcp  --  anywhere             anywhere             tcp dpts:27010:27100
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
mongo      tcp  --  anywhere             anywhere             tcp dpts:27010:27100

What could be the problem and how to do it right?


1 answer(s)
kirdik, 2014-07-09

# port ranges are written first:last; -s matches the source address
-A INPUT -m state --state NEW -m tcp -p tcp --dport 27010:27100 -s host1 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 27010:27100 -s host2 -j DROP
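As an added example, not code from the question or the answer above, the following POSIX shell script renders an iptables-restore ruleset for the whitelist the question describes: TCP 27010:27100 is passed through a `mongo` chain that accepts host1, host2 and 172.17.0.0/16 and drops everyone else, with the INPUT policy left at ACCEPT. The peer addresses are passed in as literal IPs (10.0.0.11 and 10.0.0.12 are placeholders, not addresses from the page) because iptables resolves a hostname once, when the rule is loaded. The accept rules for `lo` and for ESTABLISHED,RELATED traffic are additions beyond what the page shows: without them a client on the same host, or replies to connections the host itself opened, would fall into the chain's final DROP. The `check_port_ranges` helper is also an addition; it flags the dash-separated range form, which iptables rejects as an invalid port.

```shell
#!/bin/sh
# Added example (not from the question or the answer): render an
# iptables-restore ruleset that lets TCP 27010:27100 in only from host1,
# host2 and 172.17.0.0/16 and drops it from everyone else. The peer
# addresses are arguments; 10.0.0.11 / 10.0.0.12 in the usage line are
# placeholders, not addresses from the page.

render_ruleset() {
    host1="$1"
    host2="$2"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:mongo - [0:0]
# loopback clients on this host would otherwise hit the DROP in mongo
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened are not subject to the whitelist
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# port ranges are written first:last; iptables rejects 27010-27100
-A INPUT -p tcp --dport 27010:27100 -j mongo
# whitelist by source address, then drop the rest of the range
-A mongo -s ${host1} -j ACCEPT
-A mongo -s ${host2} -j ACCEPT
-A mongo -s 172.17.0.0/16 -j ACCEPT
-A mongo -j DROP
COMMIT
EOF
}

# Reject rule files that spell a port range with a dash instead of a colon.
# Returns 0 when the file is clean, 1 when such a line is found.
check_port_ranges() {
    if grep -E -- '--dports? +[0-9]+-[0-9]+' "$1" >/dev/null; then
        return 1
    fi
    return 0
}

# Usage: sh rules.sh 10.0.0.11 10.0.0.12 > rules.v4 && iptables-restore < rules.v4
if [ "$#" -eq 2 ]; then
    render_ruleset "$1" "$2"
fi
```

Loading the file with iptables-restore replaces the whole filter table atomically, so the duplicate `mongo` jump visible in the question's INPUT listing (the chain shows 2 references) cannot accumulate across re-runs the way repeated `iptables -A` invocations do.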
