Solved

IPTables - Specify certain ip access

Posted on 2010-11-22
5
627 Views
Last Modified: 2012-05-10
Dear all,

I need to setup the following in IP Tables on a Ubuntu Server 10.10.

IP Address 1: *.*.*.* = Allow all outbound, Deny all inbound except ports 80, 443
IP Address 2: *.*.*.* = Allow all outbound, Deny all inbound except ports 21

Thanks,

Lyon
0
Comment
Question by:LyonJay
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 100 total points
ID: 34188170
These rules acomplish what you stated above:

iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp  --dport 443 -j ACCEPT
iptables -A INPUT -d <IP_address_2> -m tcp -p tcp  --dport 21 -j ACCEPT
iptables -A INPUT -j DENY

However, plese note:
- you maybe have already existing rules that might interfere with these rules - check existing ones and modify accordingly
- you may need access to additional services lihe SSH access to the machine (for administration), DNS access, ICMP access
0
 
LVL 2

Assisted Solution

by:wk
wk earned 100 total points
ID: 34188297
As you said you are on Ubuntu, you may try ufw - uncomplicated firewall.

https://help.ubuntu.com/community/UFW

$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw enable
$ sudo ufw status

Done!

William Lee    CISA CISSP
Hong Kong
0
 
LVL 9

Assisted Solution

by:expert_tanmay
expert_tanmay earned 100 total points
ID: 34194475
# allow all out bound
iptables -P OUTPUT -j ACCEPT

#Default Drop all INPUT
iptables -P INPUT -j DROP

# allow to port 80 and 443 for ip1
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP1> -m tcp -p tcp  --dport 443 -j ACCEPT

# allow to port 21 for ip2
iptables -A INPUT -d <IP2> -m tcp -p tcp  --dport 21 -j ACCEPT

cheers!!
0
 
LVL 7

Assisted Solution

by:expert1010
expert1010 earned 100 total points
ID: 34195967
I know this is not what you asked for but if you install for example ferm you'd have an easyer way to config your firewall. Ferm is just a compiler for iptables configuration but it makes life a lot easier.

Have a look at:
http://ferm.foo-projects.org/
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 100 total points
ID: 34201584
Just a question.

are these two ip address in the same ubuntu box, or are they behind the firewall?

that would make very different rules. (I must confess I envisioned the answer as I was reading the question, just as expert_tanmay did)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guacamole cut and paste issue 3 73
shell script or linux command to upload a directory to artifactory? 2 131
AD LDAP LDS 3 66
Upgrade BIOS / EUFI at Scale 4 35
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question