ipTables rule to block a port for all internal IP Addresses except one
I have a Virtual Dedicated Server with 6 IP Addresses. 1 for the server and 5 for other websites.
I want to block access to port 9999 (control panel) and 22 (SSH) for all IP Addresses except 1. They are internal IP Addresses, not external. So http://w1.x1.y1.z1:9999 is accessible, but http://w2.x2.y2.z2:9999, http://w3.x3.y3.z3:9999, http://w4.x4.y4.z4:9999, http://w5.x5.y5.z5:9999 and http://w6.x6.y6.z6:9999 do not work. Please help. I plan to use ipTables to do so, since I am using it currently to block ports 993 and 995. Also, I plan to add more IP Addresses later to the same server. So I would prefer a rule which would allow access to w1.x1.y1.z1:9999 instead of writing 5 rules to deny access to the other IP Addresses, so that I don't have to write new rules when I add another IP Address. Although this is just preference. Any rule works fine for the time being. Please help.
Quote:
Code:
iptables -I INPUT -p TCP -m multiport --dports 9999,22 -d ! w1.x1.y1.z1 -j DROP
Error in query
Thanks for the quick response,
however there seems to be some error in the statement (I am a noob), so I have no idea whether it is a space or spelling. It's just that as soon as I execute the statement, everything disappears from the SSH screen and I have to disconnect and reconnect. Even after reconnecting, if I type iptables -L or iptables -v -L to see if the rule was put in place, the same thing happens until I execute iptables -F. Can you please check it? I am on Fedora Core 7 if it helps.
Quote:
Code:
iptables -I INPUT -p TCP -i eth0 -d ! w1.x1.y1.z1 -m multiport --dports 9999,22 -m state --state NEW -j DROP
If you still get an error message, please post it so we can better understand what is happening.
Same error - no error, just the screen wipes everything off it and I have to disconnect and reconnect, and when I try to do iptables -L it does the same thing again until I run iptables -F.
:( Is there no other way? :( I have 2 rules already:
Code:
iptables -A INPUT -p all -s localhost -d localhost -j ACCEPT
iptables -A INPUT -p tcp --destination-port 3306 -j REJECT
I tried washing them and starting fresh, but still the same error.
Quote:
Code:
iptables -nvL
Here is the response
Code:
Chain INPUT (policy ACCEPT 996 packets, 85292 bytes)
I tried the same command with Putty and it threw an error:
Code:
WARNING: /etc/modprobe.d line 1: ignoring bad line starting with 'á-@'
And anything in the format of the previous statements, which executed perfectly before:
Code:
iptables -A INPUT -p tcp --destination-port 3306 -j REJECT
Quote:
Code:
iptables -A INPUT -p TCP -d ! w1.x1.y1.z1 --dport 22 -j REJECT
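The accepted rule above, generalized to both ports the original question asked about and written so the rules can be reviewed as a dry run before they are applied. This is an added example, not code from the thread: the address 203.0.113.10 stands in for w1.x1.y1.z1, the `ALLOWED_DST`/`PORTS` variables and the `ssh_dest_ok` guard are my own additions, and it assumes an iptables that accepts the `! -d` spelling (the thread's `-d !` is the older form).

```shell
#!/bin/sh
# Added example, not from the thread: build the "allow one address, drop the rest"
# rule set for ports 22 and 9999 as shell functions, so the rules can be printed
# (dry run) and reviewed before they are applied.
# Assumptions: 203.0.113.10 is a constructed placeholder for w1.x1.y1.z1, and
# iptables accepts the "! -d" form ("-d !" in the thread is the older spelling).
ALLOWED_DST="${ALLOWED_DST:-203.0.113.10}"
PORTS="${PORTS:-22,9999}"

# Print the rules in the order they must be applied. The ESTABLISHED rule goes in
# first so the SSH session used to apply the rules is not cut off part-way, and
# the DROP matches on "! -d", so addresses added to the server later are covered
# without writing a new rule for each one.
build_rules() {
    allowed="$1"; ports="$2"
    printf '%s\n' \
      "iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A INPUT -p tcp -m multiport --dports $ports -d $allowed -m state --state NEW -j ACCEPT" \
      "iptables -A INPUT -p tcp -m multiport --dports $ports ! -d $allowed -m state --state NEW -j DROP"
}

# Lock-out guard: return 0 when applying is safe, i.e. we are not on SSH at all,
# or the session arrived on the allowed address (field 3 of $SSH_CONNECTION is
# the server-side IP). A second argument overrides $SSH_CONNECTION for testing.
ssh_dest_ok() {
    allowed="$1"; conn="${2-${SSH_CONNECTION-}}"
    [ -z "$conn" ] && return 0
    set -- $conn
    [ "$3" = "$allowed" ]
}

# Dry run by default; APPLY=1 feeds the rules to the shell (needs root).
main() {
    if [ "${APPLY:-0}" = 1 ]; then
        if ! ssh_dest_ok "$ALLOWED_DST"; then
            echo "refusing: this SSH session did not arrive on $ALLOWED_DST and would be dropped" >&2
            return 1
        fi
        build_rules "$ALLOWED_DST" "$PORTS" | sh -e
    else
        build_rules "$ALLOWED_DST" "$PORTS"
    fi
}

main "$@"
```

Run it once without `APPLY` to read the three rules, then with `APPLY=1` from a session that came in on the allowed address; the guard is what prevents the "screen goes blank and I have to reconnect" symptom described earlier in the thread.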
YES!! Perfect.
Worked like a charm..
Thank you....