  iptables: allow only a specific IP address to access the specified port
     
  Add Date : 2018-11-21      
         
         
         
  First, remove all preset rules

iptables -F # Flush all rules from every chain in the filter table

iptables -X # Delete all user-defined chains in the filter table


Second, allow only the specified IP address to access the specified ports

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


In the rules above, note that --dport matches the destination port: for data entering the server from outside, the service port is the destination port. Conversely, for data leaving the server, the service port is the source port, so use --sport.
Similarly, -s specifies the source address and -d specifies the destination address.


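Then, close all other ports by setting the default policy of each chain to DROP. Do this only after the ACCEPT rules above are in place; otherwise an SSH session from the allowed address is dropped as well.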

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rules

/etc/rc.d/init.d/iptables save
 
service iptables restart


This iptables rule set is suitable only for a host that acts as a MySQL server, is administered and maintained from the specified address, and provides no services to any other external address.

If you also want to run yum, add the following rules as well: they allow DNS requests on port 53 and allow downloads that use randomly assigned high ports.

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp --sport 53 -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.