Solved

IPTables - Specify certain ip access

Posted on 2010-11-22
5
638 Views
Last Modified: 2012-05-10
Dear all,

I need to setup the following in IP Tables on a Ubuntu Server 10.10.

IP Address 1: *.*.*.* = Allow all outbound, Deny all inbound except ports 80, 443
IP Address 2: *.*.*.* = Allow all outbound, Deny all inbound except ports 21

Thanks,

Lyon
0
Comment
Question by:LyonJay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 100 total points
ID: 34188170
These rules acomplish what you stated above:

iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp  --dport 443 -j ACCEPT
iptables -A INPUT -d <IP_address_2> -m tcp -p tcp  --dport 21 -j ACCEPT
iptables -A INPUT -j DENY

However, plese note:
- you maybe have already existing rules that might interfere with these rules - check existing ones and modify accordingly
- you may need access to additional services lihe SSH access to the machine (for administration), DNS access, ICMP access
0
 
LVL 2

Assisted Solution

by:wk
wk earned 100 total points
ID: 34188297
As you said you are on Ubuntu, you may try ufw - uncomplicated firewall.

https://help.ubuntu.com/community/UFW

$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw enable
$ sudo ufw status

Done!

William Lee    CISA CISSP
Hong Kong
0
 
LVL 9

Assisted Solution

by:expert_tanmay
expert_tanmay earned 100 total points
ID: 34194475
# allow all out bound
iptables -P OUTPUT -j ACCEPT

#Default Drop all INPUT
iptables -P INPUT -j DROP

# allow to port 80 and 443 for ip1
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP1> -m tcp -p tcp  --dport 443 -j ACCEPT

# allow to port 21 for ip2
iptables -A INPUT -d <IP2> -m tcp -p tcp  --dport 21 -j ACCEPT

cheers!!
0
 
LVL 7

Assisted Solution

by:expert1010
expert1010 earned 100 total points
ID: 34195967
I know this is not what you asked for but if you install for example ferm you'd have an easyer way to config your firewall. Ferm is just a compiler for iptables configuration but it makes life a lot easier.

Have a look at:
http://ferm.foo-projects.org/
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 100 total points
ID: 34201584
Just a question.

are these two ip address in the same ubuntu box, or are they behind the firewall?

that would make very different rules. (I must confess I envisioned the answer as I was reading the question, just as expert_tanmay did)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question