Linux - iptables allow only 3 IPs
I'm using Linux Mint and I want to block all incoming connections on port 5210 except from 3 IPs. I've searched and gone through a lot of threads, and found only results allowing just ranges of LAN IPs, and I cannot find anything related to allowing exactly 3 different IPs that are not in the LAN.
How should I do this, or what should I search for?
linux iptables firewall
asked Mar 14 at 20:22
unkn0wnx
1 Answer
Allow the three, reject/drop the rest. With iptables from the command line:

    # one ACCEPT per allowed source, then a catch-all REJECT for the port
    iptables -A INPUT -p tcp --dport 5210 --source "$addr1" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 --source "$addr2" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 --source "$addr3" -j ACCEPT
    iptables -A INPUT -p tcp --dport 5210 -j REJECT

For, e.g., addr2, the first rule does not match and is ignored, while the second rule matches and accepts the packet.

Or, make a chain that does nothing for the three addresses and rejects the rest, then accept or do any further processing in the upper level:

    iptables -N p5210
    # RETURN sends packets from the allowed sources back to INPUT
    iptables -A p5210 --source "$addr1" -j RETURN
    iptables -A p5210 --source "$addr2" -j RETURN
    iptables -A p5210 --source "$addr3" -j RETURN
    # anything else that reached the chain is rejected
    iptables -A p5210 -j REJECT
    iptables -A INPUT -p tcp --dport 5210 -j p5210
    # add whatever further limitations you want
    iptables -A INPUT -p tcp --dport 5210 -j ACCEPT

Of course, putting the addresses in a variable and using a loop to run the same command for all of them is also an option:

    #!/bin/bash
    allowed_addresses=(1.2.3.4 4.5.6.7 7.8.9.0)
    # "${allowed_addresses[@]}" expands to every element; "$allowed_addresses[@]"
    # would expand to the first element followed by a literal "[@]"
    for addr in "${allowed_addresses[@]}" ; do
        iptables -A INPUT -p tcp --dport 5210 --source "$addr" -j ACCEPT
    done
    # reject everything else on the port, as in the first variant
    iptables -A INPUT -p tcp --dport 5210 -j REJECT
edited Mar 14 at 21:24
answered Mar 14 at 21:03
ilkkachu
Thanks a lot, the first one was the one I was looking for; I didn't know I should add them one by one.
– unkn0wnx
Mar 14 at 21:16
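As an added example that is not part of the answer above, here is a small POSIX shell script that generates the answer's dedicated-chain variant for any port and address list: it validates each address, prints the iptables commands instead of running them, and inserts the jump at the top of INPUT so that an existing broad ACCEPT rule cannot bypass the allowlist. The helper names `valid_ipv4` and `gen_port_allowlist` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answer): emit an iptables allowlist for one TCP
# port using a dedicated chain, like the answer's second variant. The helper
# names valid_ipv4 and gen_port_allowlist are hypothetical; applying the
# printed commands needs root.

# valid_ipv4 A.B.C.D -> succeeds only for four dotted octets each in 0..255
valid_ipv4() {
    a=$1
    case $a in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    oldifs=$IFS; IFS=.
    for octet in $a; do
        n=$((n + 1))
        [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# gen_port_allowlist PORT CHAIN IP... -> prints the iptables commands, one per
# line, without running them (pipe them into "sudo sh" to apply)
gen_port_allowlist() {
    port=$1; chain=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no allowed addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    # start from an empty chain: create it, or flush it if it already exists
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # allowed sources leave the chain and continue down INPUT
    for ip in "$@"; do
        echo "iptables -A $chain -s $ip -j RETURN"
    done
    # everyone else that reached the chain is rejected
    echo "iptables -A $chain -j REJECT"
    # insert the jump at the top of INPUT (-A would append it after any
    # existing blanket ACCEPT, and the allowlist would never be consulted);
    # checking with -C first keeps a re-run from adding duplicate rules
    echo "iptables -C INPUT -p tcp --dport $port -j $chain 2>/dev/null || iptables -I INPUT 1 -p tcp --dport $port -j $chain"
    echo "iptables -C INPUT -p tcp --dport $port -j ACCEPT 2>/dev/null || iptables -I INPUT 2 -p tcp --dport $port -j ACCEPT"
}

# constructed sample input: the answer's port and three example addresses
gen_port_allowlist 5210 p5210 1.2.3.4 4.5.6.7 7.8.9.0
```

Review the printed commands first; `gen_port_allowlist 5210 p5210 1.2.3.4 4.5.6.7 7.8.9.0 | sudo sh` applies them.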