iptables configuration.

a.abdulna · 04-29-2013, 02:13 AM

Dear Team,

I want setup Iptables in our cloud server (RHEL 6.4), we need to access ssh only particular ip ranges. Anybody please help me out..

Allowing list
5.5.8.7
5.5.8.8
182.72.142.46 all other ranges need to be blocked.

Thanks and Regards
Abdul Salam KP

TenTenths · 04-29-2013, 03:43 AM

So what have you tried so far?

whizje · 04-29-2013, 03:44 AM

Code:

iptables -A INPUT -i eth1 -m iprange --src-range 5.5.8.7-8 -j ACCEPT

See also man iptables.

a.abdulna · 04-29-2013, 03:46 AM

thanks whizje,

I need to allow only 5.5.0.0/255.255.254.0 and 182.72.142.46/255.255.255.0 this ranges, all other range need be blocked. Anybody please help me out...

Regards
Abdul

whizje · 04-30-2013, 04:43 AM

Code:

iptables -A INPUT -i eth1 -s 5.5.0.0/255.255.254.0,182.72.142.46/255.255.255.0 -j ACCEPT

bash-4.2$ man iptables

unSpawn · 04-30-2013, 05:39 AM

...or using ipset and asserting the raw table PREROUTING chain has a DROP policy (which is not the default):

Code:

ipset -N SSH_WHITELIST hash:net family inet
ipset add SSH_WHITELIST 5.5.0.0/23
ipset add SSH_WHITELIST 182.72.142.46/24
iptables -t raw -A PREROUTING -i eth1 -m tcp -dport 22 -m set --match-set SSH_WHITELIST src -m state --state NEW -j ACCEPT

ipset means easier rule management* so you can add

Code:

ipset add SSH_WHITELIST 8.1.0.0/23

or delete

Code:

ipset del SSH_WHITELIST 182.72.142.46/24

addresses and ranges without changing any iptables rule.