Opening a port for a specific ip?
I need help implementing something like a whitelist. In short, I need to open a port in iptables only for a specific ip, for the tcp protocol. I've been scratching my head for two hours now over how to implement this correctly.
Well, like this, for example, I allow ssh:

# ipset definitions (loaded with "ipset restore" before the iptables rules)
create anynodes hash:net family inet hashsize 1024 maxelem 65536
add anynodes 10.7.1.0/24
add anynodes 10.7.3.0/24

# iptables-restore file: default-deny policies, then the rules matched against the set
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# inbound ssh only from networks in the set
-A INPUT -p tcp --dport 22 -m set --match-set anynodes src -j ACCEPT
# the replies back to those networks (needed because OUTPUT policy is DROP)
-A OUTPUT -p tcp --sport 22 -m set --match-set anynodes dst -j ACCEPT
COMMIT
1. Write a rule that allows access from the desired IP to the desired port.
2. Below it in the chain, add a rule that prohibits access to the port.
If you need to add / remove addresses often, you can make a separate chain that the traffic is sent to first, and add the addresses to it.
I advise you to first check all the rules that are set for the port: iptables -n -L -v --line-numbers | grep {port number} . Delete all the rules for this port if you have already made a bunch of them :) iptables -D INPUT {rule number}
This rule allows access only for a specific ip: sudo iptables -A INPUT -p tcp --dport {port number} --source {ip} -j ACCEPT (remember that there is an internal network ip and an "external" one).
After that, close the port:
sudo iptables -A INPUT -p tcp --dport {port number} -j DROP
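As an added example (not code from any of the answers here), the two approaches above combined into one POSIX shell script: a dedicated chain that receives the port's traffic first, an ACCEPT for each allowed source, and a final DROP, plus helpers for adding and removing addresses later. The chain name PORT_WHITELIST and the function names are my own choices. The script prints the iptables commands instead of running them, so the plan can be reviewed first and applied with root only on the host where it belongs.

```shell
#!/bin/sh
# Added example, not taken from the answers above: build an iptables whitelist
# for one TCP port in a dedicated chain, so addresses can later be added or
# removed without renumbering INPUT. PORT_WHITELIST and the helper names are
# this example's own choices.
CHAIN="${CHAIN:-PORT_WHITELIST}"

# Accept "a.b.c.d" or "a.b.c.d/len"; reject anything that is not a plain IPv4
# address or network so that a typo never ends up in a firewall rule.
valid_ipv4() {
    addr="${1%%/*}"
    prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32        # no "/" given: a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr                             # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print, one per line, the iptables commands that allow tcp/$1 only from the
# listed sources. Nothing is executed here. The order inside the chain ends up
# as: ACCEPT per source, then one DROP for the port.
whitelist_rules() {
    port="$1"; shift
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "no source addresses given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    # -N fails if the chain already exists; apply_whitelist then stops rather
    # than appending a second copy of every rule.
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A $CHAIN -p tcp --dport $port -j DROP"
    # -I puts the jump at the top of INPUT so no earlier ACCEPT can bypass it.
    echo "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

# Later maintenance: insert a new source at position 1 of the chain (above the
# DROP), or delete one. Both print a single command, like whitelist_rules.
whitelist_add() { valid_ipv4 "$2" || return 1; echo "iptables -I $CHAIN 1 -s $2 -p tcp --dport $1 -j ACCEPT"; }
whitelist_del() { valid_ipv4 "$2" || return 1; echo "iptables -D $CHAIN -s $2 -p tcp --dport $1 -j ACCEPT"; }

# Execute the plan (needs root). Call whitelist_rules on its own to dry-run.
apply_whitelist() { whitelist_rules "$@" | sh -e; }

# Usage: show the plan for ssh from one host and one internal network
# (constructed sample addresses).
whitelist_rules 22 5.5.5.5 10.7.1.0/24
```

Because the jump is inserted at the top of INPUT, the whitelist is checked before any broad ACCEPT that may already be there; the DROP at the end of the chain is what makes the port closed for everyone else, exactly as in the allow-then-drop sequence above.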
You can still use Match Address, if it's for ssl.
For example, we need to allow connection to port 22 from IP address 5.5.5.5:
iptables -A INPUT -s 5.5.5.5 -p tcp --dport 22 -j ACCEPT