Quote:
Originally Posted by billli
Say is it possible to only allow port 25 be accessed from 128.96.*.* and 67.215.52.1, while all the other port could be accessed by everyone?
Sure. One way could be like:
Code:
# drop everything except port 25 from the two allowed sources
iptables -A INPUT -p TCP ! --dport 25 -s 128.96.0.0/16 -j DROP
iptables -A INPUT -p TCP ! --dport 25 -s 67.215.52.1 -j DROP
# accept port 25 from those sources before the general port-25 DROP below,
# otherwise that rule would catch them as well
iptables -A INPUT -p TCP --dport 25 -s 128.96.0.0/16 -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -s 67.215.52.1 -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -j DROP
iptables -A INPUT -j ACCEPT
The last line isn't needed if you have your INPUT policy set to ACCEPT.
My next examples assume the policy is set to ACCEPT.
Another way might be:
Code:
iptables -A INPUT -p TCP --dport 25 -s 128.96.0.0/16 -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -s 67.215.52.1 -j ACCEPT
iptables -A INPUT -s 128.96.0.0/16 -j DROP
iptables -A INPUT -s 67.215.52.1 -j DROP
iptables -A INPUT -p TCP --dport 25 -j DROP
Both examples assume that for those two IPs you only want port 25 to be accessible. In other words, any other ports won't be accessible to those two IPs. If what you meant was that you wanted port 25 to be accessible only to those IPs (while still allowing those two IPs to access any other port) then something like this could be used instead:
Code:
iptables -A INPUT -s 128.96.0.0/16 -j ACCEPT
iptables -A INPUT -s 67.215.52.1 -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -j DROP
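Because the INPUT chain is evaluated top to bottom and the first matching rule decides, the order of the rules above determines who can reach what. The following is an added example, not code from the thread: a constructed, TCP-only model of first-match evaluation that replays the two readings of the question (port 25 is the only port the two sources may reach, versus port 25 is reachable only from those sources) against sample source addresses and ports, so the resulting access matrix can be checked before touching a live firewall.

```python
import ipaddress

# Constructed, simplified model of first-match evaluation in the iptables INPUT
# chain. Only TCP is modelled and the chain policy is ACCEPT, as the post assumes.
# A rule is (source network or None, dport or None, dport negated?, target).

ALLOWED = ["128.96.0.0/16", "67.215.52.1/32"]

def rule(target, src=None, dport=None, not_dport=False):
    net = ipaddress.ip_network(src) if src else None
    return (net, dport, not_dport, target)

# Negated-port style: drop everything except 25 from the two sources, accept
# their port 25, then drop port 25 from everyone else.
DROP_STYLE = (
    [rule("DROP", src=s, dport=25, not_dport=True) for s in ALLOWED]
    + [rule("ACCEPT", src=s, dport=25) for s in ALLOWED]
    + [rule("DROP", dport=25)]
)

# Accept style of the same policy: the two sources reach port 25 and nothing else.
ACCEPT_STYLE = (
    [rule("ACCEPT", src=s, dport=25) for s in ALLOWED]
    + [rule("DROP", src=s) for s in ALLOWED]
    + [rule("DROP", dport=25)]
)

# Other reading of the question: port 25 is reachable only from the two sources,
# which may also reach every other port.
PORT_25_RESTRICTED = [rule("ACCEPT", src=s) for s in ALLOWED] + [rule("DROP", dport=25)]

def verdict(rules, src, dport, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides."""
    addr = ipaddress.ip_address(src)
    for net, port, negated, target in rules:
        if net is not None and addr not in net:
            continue
        if port is not None and (dport == port) == negated:
            continue
        return target
    return policy

SOURCES = ("128.96.1.1", "67.215.52.1", "203.0.113.9")  # last one is an outsider
PORTS = (22, 25, 80)

def access_matrix(rules):
    return {(s, p): verdict(rules, s, p) for s in SOURCES for p in PORTS}

if __name__ == "__main__":
    for name, rs in (("drop style", DROP_STYLE), ("accept style", ACCEPT_STYLE),
                     ("port 25 restricted", PORT_25_RESTRICTED)):
        print(name, {f"{s}:{p}": v for (s, p), v in access_matrix(rs).items()})
```

Within this TCP-only model the drop style and the accept style produce the same matrix, while the third rule set differs exactly on the non-25 ports for the two allowed sources.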