  iptables: allow only a specific IP address to access the specified port
     
  Add Date : 2018-11-21      
         
         
         
  First, remove all existing rules

iptables -F # Flush all rules from every chain in the filter table
 
iptables -X # Delete all user-defined chains in the filter table


Second, allow only the specified IP address to access the specified ports

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


In the two pairs of rules above, note that --dport is the destination port: for data entering the server from outside, the service port is the destination port. Conversely, for data leaving the server, the service port is the source port, so use --sport.
Similarly, -s specifies the source address and -d specifies the destination address.


Then, close all other ports by setting the default policy of every chain to DROP

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rules

/etc/rc.d/init.d/iptables save
 
service iptables restart


This rule set is only suitable for a host that acts as a MySQL server, is administered and maintained from the specified address, and provides no services to any other external address.
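
The steps above, as an added example that is not part of the original page: rather than flushing and appending rules one command at a time, it generates the same rule set in iptables-restore format so the whole table can be loaded in a single commit. The function names and the address 203.0.113.10 are assumptions for illustration, and the yum rules are not included.

```sh
#!/bin/sh
# Added example: emit the page's rule set in iptables-restore format.
# Function names and the sample address are assumptions for illustration.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input holds only digits and dots, so no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset ADMIN_IP PORT...
# Print a filter table: default DROP, ADMIN_IP allowed to reach each TCP PORT.
gen_ruleset() {
    admin_ip=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_ruleset ADMIN_IP PORT..." >&2; return 1; }
    shift
    valid_ipv4 "$admin_ip" || { echo "invalid IPv4 address: $admin_ip" >&2; return 1; }
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # same effect as iptables -P INPUT DROP
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    for port in "$@"; do
        echo "-A INPUT -s $admin_ip -p tcp --dport $port -j ACCEPT"
        echo "-A OUTPUT -d $admin_ip -p tcp --sport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: 203.0.113.10 is a documentation address, not a real admin host.
gen_ruleset 203.0.113.10 22 3306
```

Redirect the output to a file, check it with `iptables-restore --test < file`, then load it with `iptables-restore < file`. Loading replaces the filter table in one step, so there is no moment at which the chains have been flushed but the SSH rule is not yet in place.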

If you also want to run yum, add the following rules to allow DNS requests on port 53 and downloads that use randomly assigned high ports

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A INPUT -p udp --sport 53 -j ACCEPT
 
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.