Linux - iptables allow only 3 IPs

I'm using Linux Mint and I want to block all incoming connections on port 5210 except 3 IPs. I've searched and gone through a lot of threads, and found only results allowing just ranges of LAN IPs, and I cannot find anything related to allowing exactly 3 different IPs that are not in the LAN.



How should I do this or what should I search for?







      asked Mar 14 at 20:22









      unkn0wnx

1 Answer






          accepted










Allow the three, reject/drop the rest. With iptables from the command line:

    iptables -A INPUT -p tcp --dport 5210 --source "$addr1" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 --source "$addr2" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 --source "$addr3" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 -j REJECT

For e.g. addr2, the first rule does not match and is ignored, while the second rule matches and accepts the packet.

Or, make a chain that does nothing for the three addresses and rejects the rest, then accept or do any further processing in the upper level:

    iptables -N p5210
    iptables -A p5210 --source "$addr1" -j RETURN
    iptables -A p5210 --source "$addr2" -j RETURN
    iptables -A p5210 --source "$addr3" -j RETURN
    iptables -A p5210 -j REJECT

    iptables -A INPUT -p tcp --dport 5210 -j p5210
    # add whatever further limitations you want
    iptables -A INPUT -p tcp --dport 5210 -j ACCEPT

Of course, putting the addresses in a variable and using a loop to run the same command for all of them is also an option:

    #!/bin/bash
    allowed_addresses=(1.2.3.4 4.5.6.7 7.8.9.0)
    for addr in "${allowed_addresses[@]}" ; do
        iptables -A INPUT -p tcp --dport 5210 --source "$addr" -j ACCEPT
    done





          edited Mar 14 at 21:24
          answered Mar 14 at 21:03
          ilkkachu

          • Thanks a lot, the first one was the one I was looking for, I didn't know I should add them one by one.
            – unkn0wnx
            Mar 14 at 21:16
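The answer's "own chain" approach, written up as a re-runnable script. This is an added example, not code from the answer or its author: the chain name ALLOW5210, the IPTABLES variable (set it to "echo" to print the commands instead of running them), and the three sample addresses (constructed from the RFC 5737 documentation ranges) are all assumptions made here. It validates the list before touching the firewall, rebuilds the chain from scratch so a second run does not stack duplicate rules, and keeps the REJECT as the last rule in the chain, which is the whole point of the first-match behaviour the answer describes.

```shell
#!/bin/sh
# Added example, not from the original answer: the per-port allowlist
# chain as a script that can be re-run safely. Assumptions not on the
# page: the chain name ALLOW5210, the IPTABLES variable (set to "echo"
# for a dry run), and the sample addresses, constructed from the
# RFC 5737 documentation ranges.
set -eu

PORT=5210
CHAIN=ALLOW5210
ALLOWED="192.0.2.10 198.51.100.20 203.0.113.30"   # constructed sample list

# Run iptables, or whatever IPTABLES points at ("echo" for a dry run).
ipt() { "${IPTABLES:-iptables}" "$@"; }

# Return 0 for a dotted-quad IPv4 address with octets 0-255, 1 otherwise,
# so a typo in ALLOWED is caught before any rule is touched.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Rebuild the allowlist chain from scratch. Order inside the chain is what
# makes this work: iptables stops at the first matching rule, so the
# per-address ACCEPTs must come before the catch-all REJECT.
build_rules() {
    for _a in $ALLOWED; do
        valid_ipv4 "$_a" || { echo "invalid address in ALLOWED: $_a" >&2; return 1; }
    done
    # Create the chain if it is missing, then empty it so re-running the
    # script does not leave duplicate rules behind.
    ipt -N "$CHAIN" 2>/dev/null || true
    ipt -F "$CHAIN"
    for _a in $ALLOWED; do
        ipt -A "$CHAIN" -s "$_a" -j ACCEPT
    done
    ipt -A "$CHAIN" -j REJECT
    # Hook the chain into INPUT exactly once: remove any previous jump, then
    # insert at the top so no earlier blanket ACCEPT in INPUT can shadow it.
    ipt -D INPUT -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null || true
    ipt -I INPUT -p tcp --dport "$PORT" -j "$CHAIN"
}

# Apply only when asked:      sudo ./allow5210.sh --apply
# Print instead of applying:  IPTABLES=echo ./allow5210.sh --apply
if [ "${1:-}" = "--apply" ]; then
    build_rules
fi
```

Two things this script does not cover, because iptables does not: it only affects IPv4, so if the service also listens on an IPv6 address the same restriction has to be added with ip6tables, and the rules live in the kernel only until reboot unless they are saved (for example with iptables-save, or the iptables-persistent package on Debian-based systems such as Mint). `-s` is the short form of the `--source` option used in the answer.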















