Como configurar o arquivo iptables para permitir apenas ipaddress específico em todas as portas e negar todos os outros ipaddress?

Question

Como configurar o arquivo iptables para permitir apenas ipaddress específico em todas as portas e negar todos os outros ipaddress?

#1 resposta do 2707974 (2 votos)

3

Eu preciso de uma configuração do arquivo iptables que me permita conexão através de endereço IP específico, digamos 10.0.0.1 em todas as portas, variando de 0-5555 e negando todos os outros endereços IP?

Eu tentei a opção de comando iptables varia, mas não funcionou corretamente. Qual será o comando exato do iptables?

Editar: Ubuntu 14.04 LTS

networking server iptables firewall

por snoop 07.08.2015 / 10:59

1 resposta

Tags networking server iptables firewall

Visualize as páginas de informações em um navegador da web Como aplicar uma correção a um bug?

score 2 · Accepted Answer

Código é algo parecido com isto

#################################################
# clear existing chains
#################################################

iptables --flush
iptables --delete-chain

#################################################
# allow loopback
#################################################

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#################################################
# allow established connections
#################################################

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#################################################
# allow ICMP from 10.0.0.1
#################################################

iptables -A INPUT -s 10.0.0.1 -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT


#################################################
# allow port range from 10.0.0.1
#################################################

iptables -A INPUT -m state --state NEW -s 10.0.0.1 -m tcp -p tcp --match multiport --dports 0:5555 -j ACCEPT

#################################################
# deny all
#################################################

iptables -A INPUT -j DROP

#################################################
# default policies
#################################################

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#################################################
# save the new policy
#################################################

service iptables save