IPTables - Specify certain ip access

Dear all,

I need to setup the following in IP Tables on a Ubuntu Server 10.10.

IP Address 1: *.*.*.* = Allow all outbound, Deny all inbound except ports 80, 443
IP Address 2: *.*.*.* = Allow all outbound, Deny all inbound except ports 21


Who is Participating?
BlazConnect With a Mentor Commented:
These rules acomplish what you stated above:

iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp  --dport 443 -j ACCEPT
iptables -A INPUT -d <IP_address_2> -m tcp -p tcp  --dport 21 -j ACCEPT
iptables -A INPUT -j DENY

However, plese note:
- you maybe have already existing rules that might interfere with these rules - check existing ones and modify accordingly
- you may need access to additional services lihe SSH access to the machine (for administration), DNS access, ICMP access
wkConnect With a Mentor Commented:
As you said you are on Ubuntu, you may try ufw - uncomplicated firewall.


$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw enable
$ sudo ufw status


William Lee    CISA CISSP
Hong Kong
expert_tanmayConnect With a Mentor Commented:
# allow all out bound
iptables -P OUTPUT -j ACCEPT

#Default Drop all INPUT
iptables -P INPUT -j DROP

# allow to port 80 and 443 for ip1
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP1> -m tcp -p tcp  --dport 443 -j ACCEPT

# allow to port 21 for ip2
iptables -A INPUT -d <IP2> -m tcp -p tcp  --dport 21 -j ACCEPT

expert1010Connect With a Mentor Commented:
I know this is not what you asked for but if you install for example ferm you'd have an easyer way to config your firewall. Ferm is just a compiler for iptables configuration but it makes life a lot easier.

Have a look at:
Gabriel OrozcoConnect With a Mentor Solution ArchitectCommented:
Just a question.

are these two ip address in the same ubuntu box, or are they behind the firewall?

that would make very different rules. (I must confess I envisioned the answer as I was reading the question, just as expert_tanmay did)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.