Home | Articles | About | Contact | Forum |
Monday, March 18, 2024



Lunarpages.com Web Hosting

Mailing List

E-mail:
By Joining the mailing list you will be notified of site updates.


Show Your Support For
This Site By Donating:











Audience: Systems Admins
Last Updated: 6/6/2011 11:36:07 PM
**All times are EST**





IPtables: open port for specific IP

By Erik Rodriguez

Tags: iptables block all IPs, open for specific IP, iptables --dport, iptables drop, iptables specify IP range

This HOWTO covers IPtables configuration for specifying services to a certain host or range of hosts.

Command and Syntax

There seems to be a lot of confusion with this, so I'm going to make this quick any easy. IPtables is a stateful firewall tht is both powerful and efficent. That being said, let's look at how to restrict a port or service to a specific IP or range of IPs. Entering the following at root will allow SSH connections from the first two locations and drop them from everywhere else:

iptables -I INPUT -p tcp -m tcp -s 70.85.189.123 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m tcp -s 70.85.189.100/29 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP

Remember, if you want this configuration to survive reboots, you will need to use the command iptables-save. Red hat-based systems will store the configuration in the files /etc/sysconfig/iptables.

If you would like to edit this file directly, use the following:

-A INPUT -p tcp -m tcp -s 70.85.189.123 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 70.85.189.100/29 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP

Remember, IPtables like most hardware firewalls, uses stateful packet inspection. It will read the rules in order from top to bottom. This is why we put all the allowed networks first and then put in a blanket deny all (0.0.0.0/0). You can enter hosts into IPtables using any of the following formats:

IP address: ex. 70.85.189.123
DNS name: ex. skullbox.net
CIDR: ex. 70.85.189.100/29





Contact Us

If you found this information useful, click the +1 button



Your E-mail:


Subject:


Type verification image:
verification image, type it in the box

Message:


NOTE: this form DOES NOT e-mail this article, it sends feedback to the author.


TCP vs. UDP
Juniper SRX anti-spam filtering config
Windows Server 2008 Clustering Configuration
Windows 2008 R2 Network Load Balancing (NLB)
Extreme Networks: Downloading new software image
Juniper SRX save config to USB drive
Juniper SRX logout sessions
Extreme Networks Syslog Configuration
Command line drive mapping
Neoscale vs. Decru
Data Security vs. Data Protection
Juniper SRX Cluster Configuration
HOWTO - Create VLAN on Extreme Switch
Using a Non-local Colocation Facility
Linux Server Administration
IT Chop Shops
Flow Viewers: SFLOW, NetFLOW, and JFLOW
Exchange 2007 Back Pressure
IPtables open port for specific IP
Politics in IT Departments
HOWTO - Block Dropbox
Cisco IOS Cheat Sheet
Subnet Cheat Sheet
Design a DMZ Network
How DNS works
Firewall Configuration
Juniper SSG Firewalls
Server Management
Configuring VLANs
Runlevels in Linux
Server Clustering
SONET Networks
The Red Hat Network
Server Colocation
Complicated Linux Servers
Dark Fiber
Data Center Network Design
Firewall Types
Colocation Bandwidth




Copyright © 2002-2016 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC
By using this site you agree to its Terms and Conditions.
Contact Erik Rodriguez