  iptables allow only specific ip address to access the specified port
     
  Add Date : 2018-11-21      
         
         
         
First, clear all existing rules:

iptables -F # Flush all rules in every chain of the filter table

iptables -X # Delete the user-defined chains in the filter table


Second, allow only the specified IP address to access the specified ports:

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
 

 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
 
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT


In the rules above, note that --dport is the destination port: for traffic entering the server from outside, the service port is the destination port. Conversely, for traffic leaving the server, the service port is the source port, so use --sport.
Similarly, -s specifies the source address and -d specifies the destination address.


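Then, close all other ports by setting the default policy of each chain to DROP. Do this only after the ACCEPT rules above are in place, otherwise an SSH session to the server is cut off: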

iptables -P INPUT DROP
 
iptables -P OUTPUT DROP
 
iptables -P FORWARD DROP


Finally, save the current rules:

/etc/rc.d/init.d/iptables save
 
service iptables restart


These iptables rules are suitable only for a host that acts as a MySQL server, reachable for administration and maintenance, and that provides no services to external addresses.

If you also want to run yum, add the following rules to allow DNS requests on port 53 and to allow downloads over randomly assigned high ports:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp --sport 53 -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
 
/etc/rc.d/init.d/iptables save
 
service iptables restart
     
         
         
         
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.