I need to allow access to port 11211 from specific IP to existing rules (In a script that runs after the server loads)
The line I want to add:
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport 11211 -j ACCEPT
But the iptables already contains a drop line for this port so my line will append after and will never work. The drop line:
DROP tcp -- anywhere anywhere tcp dpt:11211
How can I do it?
Use
iptables -I INPUT -p tcp -s xx.xx.xx.xx --dport 11211 -j ACCEPTthis will insert the rule at the beginning of the INPUT chain and will be processed before the existing DROP rule. Iptables works from top to bottom and the 1st rule to match wins. Don't forget to save the iptables configuration once your sure it's working correctly.You're looking for "INSERT" instead of "APPEND". AFAIR you can use
To insert the rule into the desired slot in the chain. To find the right slot number use
iptables -nLThen start counting the rules starting with 1.I think you can also omit the slot to have iptables inserting the new rule at the first slot (on top).
-A -- means appent. use -R to replace and -I to insert in chain.