Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ iptables allow only specific ip address to access the specified port     - Vi editor Introduction (Linux)

- Linux ban single-user mode to enhance system security (Linux)

- Linux System Getting Started Learning: From VirtualBox from the client host access NAT (Linux)

- Into the Java keyword instanceof (Programming)

- Android webView URL redirects affect goBack () (Programming)

- Build Python3.4 + PyQt5.5.1 + Eric6.1.1 development platform under Mac OS X 10.11.1 (Server)

- How to manage your to-do list with the Go For It on Ubuntu (Linux)

- SSH does not require a password to log on to a Linux server (Server)

- Use custom backup plans for Debian backupninja (Linux)

- Using 30 seconds to write a detailed analysis of garbage removal system (Linux)

- OpenSIPS offline messaging feature set (Server)

- Oracle 11g em start newspaper site's security certificate has a solution to the problem (Database)

- MySQL + Corosync + Pacemaker + DRBD build highly available MySQL (Server)

- DRBD Principle and Features Overview (Server)

- Oracle 11g statistics collection - collection of multi-column statistics (Database)

- DataGuard Standby backup error RMAN-06820 ORA-17629 to solve (Database)

- Struts2 study notes -Valuestack (value stack) and OGNL expression (Programming)

- Mac OS X 10.9 build Nginx + MySQL + php-fpm environment (Server)

- Android Action Compendium (Programming)

- Build the first ASP.NET 5 Web project in Mac OS X Yosemite 10.10.3 (Server)

 
         
  iptables allow only specific ip address to access the specified port
     
  Add Date : 2018-11-21      
         
         
         
  First, remove all pre-set

iptables -F # Clear filter preset table all the rules in the rule chain
 
iptables -X # Clear filter preset table in user-defined chain rules


Secondly, the setting only allows you to specify the ip address to access the specified port

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


These two above, please note --dport as the destination port, when the data into the server from the outside as the destination port; on the contrary, compared with the data from the data source server out port, use --sport
Similarly, -s is the source address is specified, -d specified destination.


Then, close all the ports

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rule

/etc/rc.d/init.d/iptables save
 
service iptables restart


This rule only applies to iptables is set to act as MySQL server administration and maintenance of the external address does not provide any services.

If you want to run yum you can then also need to add the following to allow port 53 DNS request to allow downloading randomly generated high port

iptables -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
 
iptables -A INPUT -p udp --sport 53 -j ACCEPT
 
iptables -A OUTPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
 
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 10000: 65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
  More:      
 
- Python objects (Programming)
- Ordinary users how the Linux system shutdown (Linux)
- Linux Powerful command Awk Introduction (Linux)
- Everyone should know something about TCP (Linux)
- Linux package management operations Basic entry (Linux)
- Physical backup and recovery SYSTEM table space (Database)
- ASM Disk Space Check (Database)
- How to install Git on CentOS 7 (Linux)
- How to install and use the Snort in Ubuntu 15.04 (Linux)
- Ubuntu 14.10 / Linux Mint 17.1 Win10 compiler install rdesktop 1.8.3 Remote Desktop connection (Linux)
- Linux hard drive failure Case Studies (Linux)
- Five strokes to find out the IP address you want to know (Linux)
- Xshell key authentication mechanism using a remote login Linux (Linux)
- RabbitMQ user roles and access control (Linux)
- Ubuntu 14.10 PPA installed Android Studio (Linux)
- CentOS environment prepared crontab scheduled tasks (Linux)
- Using Linux command line and execute PHP code (Programming)
- Improve the Ubuntu SSH login authentication approach speed (Linux)
- Port is not being used, how will bind failure? (Server)
- Write perfect printf (Programming)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.