Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ iptables allow only specific ip address to access the specified port     - Ubuntu System Log Configuration / var / log / messages (Linux)

- 10 important Linux ps command combat (Linux)

- Git uses a basic tutorial (Linux)

- Adjustment expand VMDK format VirtualBox disk space (Linux)

- MongoDB simple replication configuration (Database)

- Perl loop (Programming)

- Docker installation under CentOS7 (Linux)

- Ubuntu Apache virtual host configuration (Server)

- Hadoop namenode do NFS disaster recovery (Server)

- Use PDFBox processing PDF documents (Linux)

- Ubuntu Froxlor Server Administration panel installation (Server)

- Oracle Enterprise Linux 64-bit install apache-tomcat-7.0.53 step (Server)

- C language - Traverse pci device (Programming)

- Android system source code and compile the kernel source code (Programming)

- How to fix Ubuntu / Mint can not add PPA source of error (Linux)

- Python format string (Programming)

- Java how to achieve bubble sort the problem Arraylist (Programming)

- Deploy Apache Spark cluster environment in Ubuntu (Server)

- CoreOS use register mirror to build private warehouse (Linux)

- 7 extremely dangerous Linux commands (Linux)

 
         
  iptables allow only specific ip address to access the specified port
     
  Add Date : 2018-11-21      
         
         
         
  First, remove all pre-set

iptables -F # Clear filter preset table all the rules in the rule chain
 
iptables -X # Clear filter preset table in user-defined chain rules


Secondly, the setting only allows you to specify the ip address to access the specified port

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


These two above, please note --dport as the destination port, when the data into the server from the outside as the destination port; on the contrary, compared with the data from the data source server out port, use --sport
Similarly, -s is the source address is specified, -d specified destination.


Then, close all the ports

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rule

/etc/rc.d/init.d/iptables save
 
service iptables restart


This rule only applies to iptables is set to act as MySQL server administration and maintenance of the external address does not provide any services.

If you want to run yum you can then also need to add the following to allow port 53 DNS request to allow downloading randomly generated high port

iptables -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
 
iptables -A INPUT -p udp --sport 53 -j ACCEPT
 
iptables -A OUTPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
 
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 10000: 65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
  More:      
 
- Installation configuration CUDA under Ubuntu 14.04 (Linux)
- Linux Getting Started tutorial: GNU C and Vim will fight the C / C ++ IDE semi-automatic (Linux)
- Linux system security infrastructure Highlights (Linux)
- How x2g0 install Remote Desktop on Linux VPS (Server)
- Linux LVM - File system extension (Linux)
- ImportTsv-HBase data import tool (Database)
- Android using SVG vector graphics to create cool animation effects (Programming)
- Linux --- file descriptors and redirection (Linux)
- Linux operating system security can not be ignored (Linux)
- Oracle database online redo logs are several methods of recovery of deleted (Database)
- Linux System Getting Started Learning: Change the name of the network interface on CentOS7 (Linux)
- Ubuntu 15.04 / CentOS 7.0 to set custom boot (Linux)
- Oracle Standby Redo Log experiment (Database)
- Install Kali Linux via PXE network (Linux)
- SSH does not require a password to log on to a Linux server (Server)
- Linux operating system ARP Spoofing Defense (Linux)
- Using Linux stat command to view the files (Linux)
- Linux NFS FTP use (Server)
- Four IDS intrusion detection tool under Linux environment (Linux)
- C ++ Supplements - References (Lvalue Reference, Rvalue Reference) (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.