Home / ubuntu / Questions / 758512
In Process
Eaten by a Grue
Asked: 2016-04-18 17:30:02 +0800 CST

Block port on one network address

  • 772

I'd like to block a series of ports (mailserver) for all the network addresses on my server except one. I've got a server running Ubuntu 14.04.4 and configured with 2 ipv4 addresses per Linode's Static IP configuration tutorial. /etc/network/interfaces looks something like this:

auto eth0 eth0:0

iface eth0 inet static
    address 93.184.216.34/24
    gateway 93.184.216.1

# This is a second public IP address
iface eth0:0 inet static
    address 93.184.216.35/24

I need first address to run the mailserver but the second needs to drop all incoming traffic except webserver ports (80,443).

I'm having a bit of difficulty here since every search result I get seems to relate to blocking specific IP addresses from connecting - instead of blocking all IP address from connecting to a specific server iface / ip address.

iptables

1 Answers

  1. From the UFW MAN Page 

       By default, ufw will apply rules to all available interfaces. To  limit
   this,  specify  DIRECTION on INTERFACE, where DIRECTION is one of in or
   out (interface aliases are not supported).  For example, to  allow  all
   new incoming http connections on eth0, use:

    Example :

    ufw allow in on eth0:0 to any port 80 proto tcp && ufw allow in on eth0:0 to any port 443 proto tcp

    Note I am unable to test this as I don't have two interfaces, but this should work fine. Im not sure how it will handle eth0:0 or if it needs a second real interface, like eth1, but I suspect it should be fine.

    • 1