nixCraft
Linux / UNIX Tech Support Forum
ipTables rule to block a port for all internal IP Addresses except one
This is a discussion on ipTables rule to block a port for all internal IP Addresses except one within the Networking, Firewalls and Security forums, part of the Mastering Servers category; I have a Virtual Dedicated Server with 6 IP Addresses. 1 for the server and 5 for other websites. I ...
Register free or login to your account to remove all advertisements.
|
|||||||
| Networking, Firewalls and Security No it's not a secret. Talk about firewalls and security issues. |
 |
|
|
Thread Tools | Display Modes |
8th July 2009, 07:38 AM
|
|||
|
|||
ipTables rule to block a port for all internal IP Addresses except one
I have a Virtual Dedicated Server with 6 IP Addresses. 1 for the server and 5 for other websites.
I want to block the access to port 9999(control panel) and 22(SSH) for all IP Addresses except 1. They are internal IP Addresses not external. So w1.x1.y1.z1:9999 is accessible but w2.x2.y2.z2:9999 w3.x3.y3.z3:9999 w4.x4.y4.z4:9999 w5.x5.y5.z5:9999 w6.x6.y6.z6:9999 do not work. Please help I plan to use ipTables to do so since I am using it currently to block ports 993 and 995 Also, I plan to add more IP Addresses later to the same server. SO I would prefer a rule which would allow access to w1.x1.y1.z1:9999 instead of writing 5 rules to deny access to other IP Addresses, so that I dont have write new rules when I add another IP Address. Although this is just preference. Any rule works fine for the time being. Please help. 
|
|
8th July 2009, 09:36 AM
|
||||
|
||||
|
Replace 1.2.3.4 with your actual IP (add the following to your shell script)
Code:
iptables -A INPUT -p tcp --destination-port 9999 -d \! 1.2.3.4 -j DROP iptables -A INPUT -p tcp --destination-port 22 -d \! 1.2.3.4 -j DROP service iptables save
__________________
Vivek Gite  Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group. Do you run a Linux? Let's face it, you need help! Cricket & IPL News Blog
|
| The Following User Says Thank You to nixcraft For This Useful Post: | ||
pranaysharmadelhi (14th July 2009) | ||
|
14th July 2009, 09:49 PM
|
|||
|
|||
|
Solved
I used this:
iptables -A INPUT -p TCP -d ! w1.x1.y1.z1 --dport 22 -j REJECT iptables -A INPUT -p TCP -d ! w1.x1.y1.z1 --dport 9999 -j REJECT
|
|
|
|
| Tags |
| iptables, iptables block all except one, iptables block port 22, iptables block port 999 |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Iptables block ip address | raj | Getting started tutorials | 2 | 23rd August 2010 12:11 PM |
| IPtables MAC & IP rule for internet access | Tawfiq | Networking, Firewalls and Security | 4 | 2nd August 2009 07:53 AM |
| How do I block ip's (except some) to access any port? | sandeepvreddy | Networking, Firewalls and Security | 0 | 14th November 2008 06:26 PM |
| How can I block yahoo masanger port from 220BX modem. | chandra | Windows Xp/2000/2003 server administration | 3 | 27th September 2006 11:53 AM |
| Blocking port in iptables | asim.mcp | Linux software | 3 | 17th July 2006 10:00 PM |
All times are GMT +5.5. The time now is 01:27 PM.