iptables allow only specific ip address to access the specified port

Add Date : 2018-11-21
         
         
         
First, clear all existing rules

iptables -F # Flush all rules from every chain of the default filter table

iptables -X # Delete all user-defined chains in the default filter table


Second, add rules that allow only the specified IP address to reach the specified ports

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


In the rules above, note that --dport matches the destination port: for packets entering the server from outside, the listening port is the destination port. Conversely, for packets leaving the server, that same port is the source port, so --sport is used.
Similarly, -s specifies the source address and -d the destination address.


Then, close all other ports by setting the default policy of every chain to DROP

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rules so they survive a restart

/etc/rc.d/init.d/iptables save
 
service iptables restart


This rule set applies only to a host whose iptables is configured as a MySQL server that is administered and maintained from the specified external address and that provides no other services.

If you also want to run yum, you additionally need the following rules, which allow DNS requests on port 53 and the downloads that use randomly generated high ports:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A INPUT -p udp --sport 53 -j ACCEPT
 
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
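The following script is an added example and is not from the original page. It turns the allow-list procedure above (flush, per-address ACCEPT rules for SSH and MySQL, DROP policies last) and the optional yum/DNS rules into a small generator that prints the iptables commands instead of executing them, so the ruleset can be reviewed before it is piped to sh as root. The function names, the admin address 203.0.113.5 (an RFC 5737 documentation address, constructed here) and the port list are assumptions; the address check exists because a typo in -s would silently lock the administrator out once the DROP policies take effect.

```shell
#!/bin/sh
# Added example, not the original page's code. Prints the iptables commands for
# an allow-list firewall: only ADMIN_IP may open TCP connections to the given
# ports, replies to accepted connections pass, everything else is dropped.

# Return 0 if $1 is a syntactically valid dotted-quad IPv4 address, else 1.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit chars, leading/trailing/double dot
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# build_rules ADMIN_IP PORT... : print the core ruleset from the page, in an
# order that keeps the host reachable until every ACCEPT rule is in place.
build_rules() {
    admin="$1"; shift
    valid_ipv4 "$admin" || { echo "invalid admin address: $admin" >&2; return 1; }
    echo "iptables -F"
    echo "iptables -X"
    # Loopback first: local MySQL clients and the local resolver need it.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies to connections already accepted; this replaces the per-port
    # OUTPUT --sport rules on the page with one stateful rule per direction.
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A INPUT -s $admin -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Default policies go last, as on the page, so a failure above does not
    # leave the host closed with no ACCEPT rules loaded.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"
}

# build_update_rules : the extra OUTPUT rules the page adds for yum (DNS and
# outbound connections from ephemeral ports). Return traffic is already
# covered by the RELATED,ESTABLISHED rules printed by build_rules.
build_update_rules() {
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --sport 10000:65535 -m state --state NEW -j ACCEPT"
}

# count_allow_rules ADDR PORT... : how many INPUT ACCEPT rules name ADDR
# (a quick sanity check before applying: one per port expected).
count_allow_rules() {
    addr="$1"; shift
    build_rules "$addr" "$@" | grep -c -- "-s $addr "
}

# Usage: review the output, then as root: build_rules 203.0.113.5 22 3306 | sh
build_rules 203.0.113.5 22 3306
build_update_rules
```

When applying this over SSH, keep a second session open and run the generated commands as one batch; because the DROP policies are printed last, the session that applies them is already matched by the ESTABLISHED rule and is not cut off.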
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.