How to configure an iptables file to allow only a specific IP address on all ports and deny all other IP addresses?
Code is something like this
#################################################
# clear existing chains
#################################################
iptables --flush
iptables --delete-chain
#################################################
# allow loopback
#################################################
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#################################################
# allow established connections
#################################################
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#################################################
# allow ICMP from 10.0.0.1
#################################################
iptables -A INPUT -s 10.0.0.1 -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
#################################################
# allow port range from 10.0.0.1
#################################################
iptables -A INPUT -m state --state NEW -s 10.0.0.1 -m tcp -p tcp --match multiport --dports 0:5555 -j ACCEPT
#################################################
# deny all
#################################################
iptables -A INPUT -j DROP
#################################################
# default policies
#################################################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
#################################################
# save the new policy
#################################################
service iptables save
Author: snoop
Updated on September 18, 2022
Comments
-
snoop over 1 year
I require an iptables configuration file which will allow me connections only from a specific IP address, say 10.0.0.1, on all ports ranging from 0-5555 and deny all other IP addresses.
I have tried various iptables command options but they didn't work properly. What will be the exact iptables command?
Edit: Ubuntu 14.04 LTS
-
Prashant Chikhalkar over 8 years
Did you check this? help.ubuntu.com/community/IptablesHowTo Also provide the Ubuntu version you are using.
-
snoop over 8 years
I have tried this one:
iptables -A INPUT -p tcp -s 10.0.0.1 --dport 0:5555 -j ACCEPT
by reading documentation and googling. But it didn't work. After flushing, saving didn't work either.
-
snoop over 8 years
Thanks, this really worked! Further to this I need to allow ICMP ping from that IP only. Where should I make changes for this?
-
2707974 over 8 years
I added the ICMP code.
-
snoop over 8 years
For outgoing and incoming HTTPS traffic, should I add these additional rules?
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-
2707974 over 8 years
Only for output:
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
When the site returns traffic to you (i.e. makes a session), it uses a random port. But
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
will allow you communication.
-
snoop over 8 years
Suppose I need to allow an internet connection to the same IP address (10.0.0.1); then what changes do I need to make in this script, or will this allow the internet connection by default as well?
-
2707974 over 8 years
Sorry, I don't understand you. These iptables rules are on some PC which does not have IP 10.0.0.1. What do you wish to allow? HTTP traffic for the PC with IP 10.0.0.1? How is the PC on 10.0.0.1 connected with the PC with the iptables rules?
-
snoop over 8 years
I was unable to explain my problem to you, sorry for that. My question is: suppose 10.0.0.2 is the machine on which I have run the script providing access to 10.0.0.1. Will this block my internet access on 10.0.0.2, on which the firewall is configured? I guess not.
-
2707974 over 8 years
I guess that 10.0.0.2 is connected to a switch or router with internet access. iptables rules will not deny internet access.
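The same allow-list as the accepted answer and the HTTPS follow-up in the comments, written as an added example (not the answer's own script) that emits an iptables-restore ruleset instead of running iptables one rule at a time: the ruleset can be parse-checked before it touches the live tables and is then loaded atomically, which avoids the half-applied state the comments hit after flushing. The trusted peer (10.0.0.1) and the top of the port range (5555) are parameters; the example uses conntrack instead of the older state match and sets FORWARD to DROP because the host is not a router.

```shell
#!/bin/sh
# Added example, not part of the original answer: build the allow-list as an
# iptables-restore ruleset. Assumed inputs: the only address allowed to open
# connections to this host, and the top of the inbound TCP port range.

build_ruleset() {
    peer="$1"      # trusted peer, e.g. 10.0.0.1 in the thread
    maxport="$2"   # inbound TCP ports 0..maxport are opened for that peer only
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# return traffic for sessions this host opened (covers outbound HTTPS etc.)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMP (ping) only from the trusted peer
-A INPUT -s ${peer}/32 -p icmp -j ACCEPT
# new TCP connections from the trusted peer to ports 0..maxport
-A INPUT -s ${peer}/32 -p tcp -m conntrack --ctstate NEW -m tcp --dport 0:${maxport} -j ACCEPT
# anything else reaching the end of INPUT is dropped by the chain policy
COMMIT
EOF
}

# Parse-check the generated ruleset without changing the live tables
# (needs root and iptables-restore; exits non-zero on a syntax error).
check_ruleset() {
    build_ruleset "$1" "$2" | iptables-restore --test
}

# Load it for real: iptables-restore replaces the filter table in one
# step, so there is no window in which the host is half-configured.
apply_ruleset() {
    build_ruleset "$1" "$2" | iptables-restore
}

# Usage: check_ruleset 10.0.0.1 5555 && apply_ruleset 10.0.0.1 5555
# To persist on Ubuntu with iptables-persistent:
#   build_ruleset 10.0.0.1 5555 > /etc/iptables/rules.v4
```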