LinuxQuestions.org
Old 04-29-2013, 03:13 AM   #1
a.abdulna
Member
 
Registered: Feb 2013
Location: Bangalore
Distribution: Rhel
Posts: 86

Rep: Reputation: Disabled
iptables configuration.


Dear Team,

I want to set up iptables on our cloud server (RHEL 6.4). We need to allow SSH access only from particular IP ranges. Can anybody please help me out?

Allowed list:
5.5.8.7
5.5.8.8
182.72.142.46

All other ranges need to be blocked.

Thanks and Regards
Abdul Salam KP
 
Old 04-29-2013, 04:43 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,540

Rep: Reputation: 919
So what have you tried so far?
 
Old 04-29-2013, 04:44 AM   #3
whizje
Member
 
Registered: Sep 2008
Location: The Netherlands
Distribution: Slackware64 current
Posts: 592

Rep: Reputation: 140
Code:
iptables -A INPUT -i eth1 -m iprange --src-range 5.5.8.7-5.5.8.8 -j ACCEPT
See also man iptables.
 
Old 04-29-2013, 04:46 AM   #4
a.abdulna
Member
 
Registered: Feb 2013
Location: Bangalore
Distribution: Rhel
Posts: 86

Original Poster
Rep: Reputation: Disabled
Thanks whizje,

I need to allow only these ranges: 5.5.0.0/255.255.254.0 and 182.72.142.46/255.255.255.0. All other ranges need to be blocked. Can anybody please help me out?


Regards
Abdul

Last edited by a.abdulna; 04-29-2013 at 05:01 AM.
 
Old 04-30-2013, 05:43 AM   #5
whizje
Member
 
Registered: Sep 2008
Location: The Netherlands
Distribution: Slackware64 current
Posts: 592

Rep: Reputation: 140
Code:
iptables -A INPUT -i eth1 -s 5.5.0.0/255.255.254.0,182.72.142.46/255.255.255.0 -j ACCEPT
bash-4.2$ man iptables

Last edited by whizje; 04-30-2013 at 05:46 AM.
 
Old 04-30-2013, 06:39 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,360
Blog Entries: 55

Rep: Reputation: 3547
...or using ipset and asserting the raw table PREROUTING chain has a DROP policy (which is not the default):
Code:
ipset -N SSH_WHITELIST hash:net family inet
ipset add SSH_WHITELIST 5.5.0.0/23
ipset add SSH_WHITELIST 182.72.142.46/24
# The raw table is traversed before connection tracking, so no -m state match is used here.
iptables -t raw -A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -m set --match-set SSH_WHITELIST src -j ACCEPT
ipset means easier rule management* so you can add
Code:
ipset add SSH_WHITELIST 8.1.0.0/23
or delete
Code:
ipset del SSH_WHITELIST 182.72.142.46/24
addresses and ranges without changing any iptables rule.
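
Added example, not part of any post in this thread: a Python check that normalizes the netmask-style entries used in posts #4 to #6, reports which hosts from the first post they leave uncovered, and prints a complete allow-then-drop rule set for SSH. The function names, the `eth1` and port 22 defaults, and the ESTABLISHED,RELATED rule are assumptions of this example.

```python
import ipaddress

# Entries as written in posts #4 to #6 (address/netmask form), and the hosts
# that the first post says must keep SSH access.
ALLOWLIST = ["5.5.0.0/255.255.254.0", "182.72.142.46/255.255.255.0"]
REQUIRED_HOSTS = ["5.5.8.7", "5.5.8.8", "182.72.142.46"]


def normalize(entries):
    """Return the networks the rules will match once host bits are masked off.

    strict=False applies the mask the same way iptables and ipset do, so
    182.72.142.46/255.255.255.0 becomes 182.72.142.0/24.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def uncovered(hosts, networks):
    """Hosts that no allowlist network contains (they would lose SSH access)."""
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in networks)]


def build_rules(networks, iface="eth1", port=22):
    """iptables commands: allowlisted SSH accepted, all other SSH dropped."""
    ssh = f"-i {iface} -p tcp -m tcp --dport {port}"
    rules = ["iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    rules += [f"iptables -A INPUT {ssh} -s {net} -j ACCEPT" for net in networks]
    rules.append(f"iptables -A INPUT {ssh} -j DROP")
    return "\n".join(rules)


if __name__ == "__main__":
    nets = normalize(ALLOWLIST)
    for entry, net in zip(ALLOWLIST, nets):
        print(f"{entry:30} -> {net} ({net.num_addresses} addresses)")
    missing = uncovered(REQUIRED_HOSTS, nets)
    if missing:
        print("not covered by the allowlist:", ", ".join(missing))
    print(build_rules(nets))
```

Run against the thread's values, it reports 5.5.8.7 and 5.5.8.8 as outside 5.5.0.0/23 (5.5.0.0 to 5.5.1.255), which is worth resolving before any DROP rule or policy is applied.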
 
  

