How to configure an iptables file to allow only a specific IP address on all ports and deny all other IP addresses?


The code is something like this:

#################################################
# clear existing chains
#################################################

iptables --flush
iptables --delete-chain

#################################################
# allow loopback
#################################################

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#################################################
# allow established connections
# (replies to connections this host opened, so
# outbound traffic to other hosts keeps working)
#################################################

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#################################################
# allow ICMP from 10.0.0.1
#################################################

iptables -A INPUT -s 10.0.0.1 -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT


#################################################
# allow port range from 10.0.0.1
# (new TCP connections only; UDP and anything
# else from 10.0.0.1 still hits the DROP below)
#################################################

iptables -A INPUT -m state --state NEW -s 10.0.0.1 -m tcp -p tcp --match multiport --dports 0:5555 -j ACCEPT

#################################################
# deny all
# NOTE: any INPUT rule appended after this one is
# never reached; insert new rules above it
#################################################

iptables -A INPUT -j DROP

#################################################
# default policies
# (FORWARD only matters if this host routes, i.e.
# net.ipv4.ip_forward=1; DROP it if it does not)
#################################################

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#################################################
# save the new policy
# "service iptables save" is the RHEL/CentOS way.
# Ubuntu 14.04 has no iptables service: install
# iptables-persistent and write the file it loads
# at boot instead (second command below).
# These rules cover IPv4 only; configure ip6tables
# the same way or the host stays open over IPv6.
#################################################

service iptables save
# Ubuntu 14.04 (apt-get install iptables-persistent):
# iptables-save > /etc/iptables/rules.v4
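The same "one trusted host, drop everything else" policy, as an added example that is not part of the original answer: it is written in iptables-restore format instead of a sequence of iptables commands, because iptables-restore replaces the whole filter table in one atomic commit (no window between --flush and the ACCEPT rules where a DROP policy cuts off your own SSH session) and because /etc/iptables/rules.v4 is exactly the file iptables-persistent loads at boot on Ubuntu. The trusted host 10.0.0.1 and the port range 0:5555 come from the question; every function name and file path here is this example's own assumption, -m conntrack replaces the older -m state, FORWARD is dropped because the host is not a router, and a matching ip6tables table is generated because the original rules leave IPv6 untouched.

```shell
#!/bin/sh
# Added example, not the original answer's script: the same "one trusted host,
# drop everything else" policy generated in iptables-restore format, which is
# what iptables-persistent loads at boot on Ubuntu (/etc/iptables/rules.v4)
# and is applied as one atomic commit.
# Assumptions: trusted host 10.0.0.1 and port range 0:5555 come from the
# question; all function names and file paths are this example's own.
# -m conntrack --ctstate is used instead of the older -m state --state.

# Accept exactly one IPv4 host address (no CIDR), each octet 0-255.
valid_ipv4() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Accept a TCP port range "LOW:HIGH" with LOW <= HIGH <= 65535, so that a
# typo cannot turn into a rule that opens every port.
valid_port_range() {
  case "$1" in *:*) ;; *) return 1 ;; esac
  low=${1%%:*}; high=${1#*:}
  case "$low" in ''|*[!0-9]*) return 1 ;; esac
  case "$high" in ''|*[!0-9]*) return 1 ;; esac
  [ "$low" -le "$high" ] && [ "$high" -le 65535 ]
}

# Emit the IPv4 filter table: $1 = trusted host, $2 = TCP port range.
# Policies sit in the table header, so they take effect in the same atomic
# commit as the ACCEPT rules. FORWARD is DROP because this host is not a
# router (the original script left it ACCEPT).
gen_rules_v4() {
  valid_ipv4 "$1" || { echo "gen_rules_v4: bad address: $1" >&2; return 1; }
  valid_port_range "$2" || { echo "gen_rules_v4: bad port range: $2" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $1 -p icmp -j ACCEPT
-A INPUT -s $1 -p tcp -m conntrack --ctstate NEW --dport $2 -j ACCEPT
COMMIT
EOF
}

# Emit the matching IPv6 table. iptables rules never touch IPv6, so without
# this the host is still reachable on every port over IPv6. ICMPv6 stays
# open because neighbour discovery needs it.
gen_rules_v6() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
EOF
}

# Load a ruleset file as root, then revert to the previous rules after 60 s
# unless confirm_rules is run: the guard against locking yourself out of a
# remote box when the trusted address was typed wrong.
apply_rules() {
  iptables-save > /run/iptables.rollback || return 1
  iptables-restore --test < "$1" || return 1   # parse only, nothing loaded
  iptables-restore < "$1" || return 1
  ( sleep 60; iptables-restore < /run/iptables.rollback ) &
  echo $! > /run/iptables.rollback.pid
  echo "rules loaded; run confirm_rules within 60 s to keep them" >&2
}

confirm_rules() {
  kill "$(cat /run/iptables.rollback.pid)" && rm -f /run/iptables.rollback.pid
}

# When run directly with arguments, print the IPv4 ruleset to stdout, e.g.
#   sh allow-one-host.sh 10.0.0.1 0:5555 > /etc/iptables/rules.v4
if [ $# -ge 2 ]; then
  gen_rules_v4 "$1" "$2"
fi
```

To use it on the Ubuntu 14.04 box from the question: generate rules.v4 with the command in the last comment, generate rules.v6 with gen_rules_v6, then `. ./allow-one-host.sh; apply_rules /etc/iptables/rules.v4` from an existing SSH session and run `confirm_rules` once you have verified that a fresh connection from 10.0.0.1 still works; if the new rules cut you off, the backgrounded timer restores the previous table after a minute.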

Author: snoop

Updated on September 18, 2022

Comments

  • snoop
    snoop over 1 year

    I require an iptables configuration file which will allow me connections only from a specific IP address, say 10.0.0.1, on all ports ranging from 0-5555, and deny all other IP addresses.

    I have tried various iptables command options but they didn't work properly. What would be the exact iptables command?

    Edit: Ubuntu 14.04 LTS

    • Prashant Chikhalkar
      Prashant Chikhalkar over 8 years
      Did you check this? help.ubuntu.com/community/IptablesHowTo Also provide the Ubuntu version you are using.
    • snoop
      snoop over 8 years
      I have tried this one: iptables -A INPUT -p tcp -s 10.0.0.1 --dport 0:5555 -j ACCEPT, by reading documentation and googling. But it didn't work. After flushing, saving didn't work either.
  • snoop
    snoop over 8 years
    Thanks, this really worked! Further to this, I need to allow ICMP ping to that IP only. Where should I make changes for this?
  • 2707974
    2707974 over 8 years
    I added the ICMP code.
  • snoop
    snoop over 8 years
    For outgoing and incoming HTTPS traffic, should I add these additional rules? iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT and iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
  • 2707974
    2707974 over 8 years
    Only for output: iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT. When the site returns traffic to you, aka makes a session, it uses a random port. But iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT will allow you that communication.
  • snoop
    snoop over 8 years
    Suppose I need to allow an internet connection to the same IP address (10.0.0.1); then what changes do I need to make in this script, or will this allow the internet connection by default as well?
  • 2707974
    2707974 over 8 years
    Sorry, I don't understand you. These iptables rules are on some PC which does not have IP 10.0.0.1. What do you wish to allow? HTTP traffic for the PC with IP 10.0.0.1? How is the PC on 10.0.0.1 connected with the PC with the iptables rules?
  • snoop
    snoop over 8 years
    I was unable to explain my problem to you, sorry for that. My question is: suppose 10.0.0.2 is the machine on which I have run the script providing access to 10.0.0.1. Will this block my internet access on 10.0.0.2, on which the firewall is configured? I guess not.
  • 2707974
    2707974 over 8 years
    I guess that 10.0.0.2 is connected to a switch/router with internet access. The iptables rules will not deny internet access.