  iptables: allow only a specific IP address to access a specified port
     
  Add Date : 2018-11-21      
         
         
         
  First, remove all preset rules

iptables -F # Flush all rules in every chain of the filter table
 
iptables -X # Delete the user-defined chains in the filter table


Second, allow only the specified IP address to access the specified ports

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


In the rule pairs above, note that --dport is the destination port: for data entering the server from outside, the server's port is the destination port. Conversely, for data leaving the server, the server's port is the source port, so use --sport.
Similarly, -s specifies the source address and -d specifies the destination address.


Then, close all the ports

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rules

/etc/rc.d/init.d/iptables save
 
service iptables restart


This rule set is only suitable when the host acts as a MySQL server that is administered and maintained from the one external address and provides no services to any other address.
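
The flush, allow and DROP-policy steps above can also be loaded in a single commit with iptables-restore, which replaces the filter table atomically, so a session over SSH never sits between a flushed chain and the new rules. This is an added example, not part of the original article; the function names and the sample address 203.0.113.10 (standing in for xxx.xxx.xxx.xxx) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): emit the article's rule set
# in iptables-restore format so the whole filter table is swapped in one commit.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset ADMIN_IP PORT...: print the rule set, or print nothing and fail.
# All input is validated before the first line is written, so a bad argument
# can never feed iptables-restore a partial rule set.
gen_ruleset() {
    admin_ip=$1
    valid_ipv4 "$admin_ip" || { echo "bad address: $admin_ip" >&2; return 1; }
    shift
    [ $# -ge 1 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -s $admin_ip -p tcp --dport $port -j ACCEPT" \
                      "-A OUTPUT -d $admin_ip -p tcp --sport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Usage as root (203.0.113.10 is a constructed sample address):
#   gen_ruleset 203.0.113.10 22 3306 | iptables-restore --test   # parse only
#   gen_ruleset 203.0.113.10 22 3306 | iptables-restore          # load
```

After loading, the article's save step (/etc/rc.d/init.d/iptables save) still applies to persist the rules across reboots.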

If you also want to run yum, add the following rules to allow DNS requests on port 53 and to allow downloads over randomly assigned high ports

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A INPUT -p udp --sport 53 -j ACCEPT
 
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.