Anonymous12345 Asked: 2010-05-30 12:32:38 +0800 CST

Iptables: How to allow only one ip through specific port?

How can I on my ubuntu server, in Iptables only allow one IP address on a specific port?

Thanks

Tags: linux ubuntu security iptables

3 Answers

Best Answer
Cristian Ciupitu 2010-05-30T13:18:45+08:00

One liner:

    iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 777 -j DROP # if it's not 1.2.3.4, drop it

A more elegant solution:

    iptables -N xxx # create a new chain
    iptables -A xxx --src 1.2.3.4 -j ACCEPT # allow 1.2.3.4
    iptables -A xxx --src 1.2.3.5 -j ACCEPT # allow 1.2.3.5
    iptables -A xxx --src 1.2.3.6 -j ACCEPT # allow 1.2.3.6
    iptables -A xxx -j DROP # drop everyone else
    iptables -I INPUT -m tcp -p tcp --dport 777 -j xxx # use chain xxx for packets coming to TCP port 777

obfuscurity 2010-05-30T12:54:15+08:00

Here's an example from one of my CentOS systems (addresses have been obfuscated):

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 1.2.3.4 -d 5.6.7.8 --dport 22 -j ACCEPT

BillThor 2010-05-30T16:24:15+08:00

I use shorewall to configure IP table. Use a rule like this to accept from one host to port 123.

    ACCEPT net:192.0.2.1 $FW tcp 1234
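The chain-based approach from the accepted answer, as an added example that is not part of the original answers: a POSIX shell function that validates the port and source addresses and prints the iptables commands for review instead of running them. The function names and the chain name `allow_tcp_PORT` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print (do not run) the iptables commands for a per-port
# source allowlist. gen_allowlist, valid_ipv4 and the chain name are
# illustrative names, not part of iptables.

valid_ipv4() {
    # Accept only dotted-quad addresses with each octet in 0..255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

gen_allowlist() {
    # usage: gen_allowlist PORT IP [IP...]
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 2; }
    # An empty allowlist would leave a chain that only DROPs: refuse it.
    [ "$#" -ge 1 ] || { echo "need at least one address" >&2; return 2; }
    # Validate everything first so bad input never yields a partial rule set.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    done
    chain="allow_tcp_$port"
    echo "iptables -N $chain"
    for ip in "$@"; do
        echo "iptables -A $chain --src $ip -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # The jump from INPUT comes last, once the chain is complete.
    echo "iptables -I INPUT -m tcp -p tcp --dport $port -j $chain"
}

# Constructed sample input: the port and addresses used in the answer above.
gen_allowlist 777 1.2.3.4 1.2.3.5 1.2.3.6
```

After reviewing the printed commands, pipe them to `sh` as root to apply them.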