?
Solved

IPTables - Specify certain ip access

Posted on 2010-11-22
5
Medium Priority
?
663 Views
Last Modified: 2012-05-10
Dear all,

I need to setup the following in IP Tables on a Ubuntu Server 10.10.

IP Address 1: *.*.*.* = Allow all outbound, Deny all inbound except ports 80, 443
IP Address 2: *.*.*.* = Allow all outbound, Deny all inbound except ports 21

Thanks,

Lyon
0
Comment
Question by:LyonJay
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 400 total points
ID: 34188170
These rules acomplish what you stated above:

iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp  --dport 443 -j ACCEPT
iptables -A INPUT -d <IP_address_2> -m tcp -p tcp  --dport 21 -j ACCEPT
iptables -A INPUT -j DENY

However, plese note:
- you maybe have already existing rules that might interfere with these rules - check existing ones and modify accordingly
- you may need access to additional services lihe SSH access to the machine (for administration), DNS access, ICMP access
0
 
LVL 2

Assisted Solution

by:wk
wk earned 400 total points
ID: 34188297
As you said you are on Ubuntu, you may try ufw - uncomplicated firewall.

https://help.ubuntu.com/community/UFW

$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw enable
$ sudo ufw status

Done!

William Lee    CISA CISSP
Hong Kong
0
 
LVL 9

Assisted Solution

by:expert_tanmay
expert_tanmay earned 400 total points
ID: 34194475
# allow all out bound
iptables -P OUTPUT -j ACCEPT

#Default Drop all INPUT
iptables -P INPUT -j DROP

# allow to port 80 and 443 for ip1
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP1> -m tcp -p tcp  --dport 443 -j ACCEPT

# allow to port 21 for ip2
iptables -A INPUT -d <IP2> -m tcp -p tcp  --dport 21 -j ACCEPT

cheers!!
0
 
LVL 7

Assisted Solution

by:expert1010
expert1010 earned 400 total points
ID: 34195967
I know this is not what you asked for but if you install for example ferm you'd have an easyer way to config your firewall. Ferm is just a compiler for iptables configuration but it makes life a lot easier.

Have a look at:
http://ferm.foo-projects.org/
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 400 total points
ID: 34201584
Just a question.

are these two ip address in the same ubuntu box, or are they behind the firewall?

that would make very different rules. (I must confess I envisioned the answer as I was reading the question, just as expert_tanmay did)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Fine Tune your automatic Updates for Ubuntu / Debian
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month17 days, 10 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question