nixCraft
Linux / UNIX Tech Support Forum
ipTables rule to block a port for all internal IP Addresses except one
This is a discussion on ipTables rule to block a port for all internal IP Addresses except one within the Networking, Firewalls and Security forums, part of the Mastering Servers category; I have a Virtual Dedicated Server with 6 IP Addresses. 1 for the server and 5 for other websites. I ...
|
|||||||
| Networking, Firewalls and Security No it's not a secret. Talk about firewalls and security issues. |
 |
|
|
LinkBack | Thread Tools | Display Modes |
08-07-2009, 07:38 AM
|
|||
|
|||
ipTables rule to block a port for all internal IP Addresses except one
I have a Virtual Dedicated Server with 6 IP Addresses. 1 for the server and 5 for other websites.
I want to block the access to port 9999(control panel) and 22(SSH) for all IP Addresses except 1. They are internal IP Addresses not external. So w1.x1.y1.z1:9999 is accessible but w2.x2.y2.z2:9999 w3.x3.y3.z3:9999 w4.x4.y4.z4:9999 w5.x5.y5.z5:9999 w6.x6.y6.z6:9999 do not work. Please help I plan to use ipTables to do so since I am using it currently to block ports 993 and 995 Also, I plan to add more IP Addresses later to the same server. SO I would prefer a rule which would allow access to w1.x1.y1.z1:9999 instead of writing 5 rules to deny access to other IP Addresses, so that I dont have write new rules when I add another IP Address. Although this is just preference. Any rule works fine for the time being. Please help. 
|
| Sponsored Links | ||
|
|
|
08-07-2009, 09:36 AM
|
||||
|
||||
|
Replace 1.2.3.4 with your actual IP (add the following to your shell script)
Code:
iptables -A INPUT -p tcp --destination-port 9999 -d \! 1.2.3.4 -j DROP iptables -A INPUT -p tcp --destination-port 22 -d \! 1.2.3.4 -j DROP service iptables save
__________________
Vivek Gite Linux Evangelist  Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group. Always use CODE tags for posting system output and commands! Do you run a Linux? Let's face it, you need help
|
| The Following User Says Thank You to nixcraft For This Useful Post: | ||
pranaysharmadelhi (14-07-2009)
| ||
|
14-07-2009, 09:49 PM
|
|||
|
|||
|
Solved
I used this:
iptables -A INPUT -p TCP -d ! w1.x1.y1.z1 --dport 22 -j REJECT iptables -A INPUT -p TCP -d ! w1.x1.y1.z1 --dport 9999 -j REJECT
|
|
| Tags |
| iptables , iptables block all except one , iptables block port 22 , iptables block port 999 |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| IPtables MAC & IP rule for internet access | Tawfiq | Networking, Firewalls and Security | 4 | 02-08-2009 07:53 AM |
| How do I block ip's (except some) to access any port? | sandeepvreddy | Networking, Firewalls and Security | 0 | 14-11-2008 06:26 PM |
| Iptables block ip address | raj | Getting started tutorials | 0 | 05-05-2007 01:01 AM |
| How can I block yahoo masanger port from 220BX modem. | chandra | Windows Xp/2000/2003 server administration | 3 | 27-09-2006 11:53 AM |
| Blocking port in iptables | asim.mcp | Linux software | 3 | 17-07-2006 10:00 PM |
All times are GMT +5.5. The time now is 06:51 PM.
