whitelist IP Addresses centos 6.10
How to allow specific IP addresses to a dport in iptables?
For example:
I have 2 clients; the first client's IP address is 182.3.3.1 and the second one's is 202.4.5.6, and I have a port, let's say 2222.
What I want is that only these IP addresses can access port 2222.
I wrote these rules:
iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT
What happens is that only 1 address can access it, and the other one is blocked.
What's wrong?
centos networking iptables
edited Apr 14 at 15:27 JucaPirama
asked Apr 14 at 13:10 pakar-indo
1 Answer
The way iptables processes rules is: grab a packet and try to match it against the ruleset, from top to bottom. If a rule matches, execute it and stop further processing (except for specific cases like when the target is another chain, LOG, RETURN, etc).
Every chain also has a DEFAULT Policy (it's ACCEPT by default), which is what happens with a packet that does not match any rule.
Now, if you have two rules like this:
iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT
If you access from the IP 182.3.3.1, the first rule matches and is applied (by doing nothing, and the rule is treated by the chain DEFAULT Policy, that I believe is ACCEPT). In the second case, if the IP is 202.4.5.6, the first rule matches also and is applied (by REJECTing the access).
What you probably want is something like this (don't just type these rules on your system or you will lock yourself out!):
iptables -P INPUT DROP # Changes the INPUT Chain default policy to DROP
iptables -A INPUT -p tcp -s 182.3.3.1 --dport 2222 -j ACCEPT # Allows the access of IP 182.3.3.1
iptables -A INPUT -p tcp -s 202.4.5.6 --dport 2222 -j ACCEPT # Allows the access of IP 202.4.5.6
Understand that, by using these rules, you'll need to update your ruleset to allow access for other services (like allowing yourself to access SSH and other services on the server, thus the advice against locking yourself out of the server).
answered Apr 14 at 14:07 JucaPirama
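A variant of the whitelist from the answer above that leaves the INPUT default policy alone, so SSH and other services are not affected: the allowed sources go into a dedicated chain that ends in REJECT, and only traffic to port 2222 is sent there. This is an added example, not code from the original post; the chain name ALLOW_2222, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example. CHAIN, DRY_RUN and the function names are assumptions.
CHAIN="ALLOW_2222"          # hypothetical name for the per-port chain
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands, 0 = run them (needs root)

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print or execute one iptables command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# allowlist_port PORT IP...  Only the listed sources may reach tcp/PORT.
allowlist_port() {
    port=$1; shift
    # Validate everything first so bad input changes nothing.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    run -N "$CHAIN" || return 1          # stop if the chain already exists
    for ip in "$@"; do
        run -A "$CHAIN" -s "$ip" -j ACCEPT
    done
    run -A "$CHAIN" -j REJECT            # everyone else, this port only
    # Hook the finished chain in at position 1, ahead of any existing
    # INPUT rule that would otherwise decide the packet first.
    run -I INPUT 1 -p tcp --dport "$port" -j "$CHAIN"
}

allowlist_port 2222 182.3.3.1 202.4.5.6
```

With the default DRY_RUN=1 the script only prints the commands it would run; on CentOS 6, `service iptables save` persists the running rules once they have been applied.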