whitelist IP Addresses centos 6.10

How to allow specific IP addresses to a dport in iptables?
For example:
I have 2 clients; the first client's IP address is 182.3.3.1 and the second one's is 202.4.5.6, and I have a port, let's say 2222.
What I want is that only these IP addresses can access port 2222.

I wrote these rules:

    iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
    iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT

What happens is only 1 address can access, and the other one is blocked.
What's wrong?










      centos networking iptables






asked 17 hours ago by pakar-indo (edited 15 hours ago by JucaPirama)

1 Answer
































The way iptables processes rules is: grab a packet and try to match it against the ruleset, from top to bottom. If a rule matches, execute it and stop further processing (except for specific cases like when the target is another chain, LOG, RETURN, etc).

Every chain also has a DEFAULT Policy (it's ACCEPT by default), that is what happens with a packet that does not match any rule.

Now, if you have two rules like this:

    iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
    iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT

If you access from the IP 182.3.3.1, the first rule matches and is applied (by doing nothing, and the rule is treated by the chain DEFAULT Policy, that I believe is ACCEPT). In the second case, if the IP is 202.4.5.6, the first rule matches also and is applied (by REJECTing the access).

What you probably want is something like this (don't just type these rules on your system or you will lock yourself out!):

    iptables -P INPUT DROP # Changes the INPUT chain default policy to DROP
    iptables -A INPUT -p tcp -s 182.3.3.1 --dport 2222 -j ACCEPT # Allows access from IP 182.3.3.1
    iptables -A INPUT -p tcp -s 202.4.5.6 --dport 2222 -j ACCEPT # Allows access from IP 202.4.5.6

Understand that, by using these rules, you'll need to update your ruleset to allow access for other services (like allowing yourself to access SSH and other services on the server, thus the advice against locking yourself out of the server).






answered 16 hours ago by JucaPirama
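One way to scope the allowlist to port 2222 without changing the INPUT default policy, which avoids the lock-out the answer warns about. This is an added example, not code from the answer; the chain name `PORT_ALLOW_<port>` and the helper functions are hypothetical. It only prints the commands, so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: build a per-port source allowlist in a dedicated chain.
# Only packets for the chosen TCP port enter the chain, so SSH and other
# services keep whatever rules they already have.

# valid_ipv4 ADDR -> exit status 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allowlist_rules PORT IP... -> prints the iptables commands, one per line.
# All arguments are validated first, so a bad value prints no commands.
allowlist_rules() {
    port=$1; shift
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done

    chain="PORT_ALLOW_$port"                # hypothetical chain name
    echo "iptables -N $chain"
    for ip in "$@"; do
        echo "iptables -A $chain -s $ip -j ACCEPT"
    done
    # Any other source reaching this chain is refused.
    echo "iptables -A $chain -j REJECT"
    # The jump is added last, and with -I so it sits at the top of INPUT,
    # ahead of any existing catch-all rule that would match first.
    echo "iptables -I INPUT -p tcp --dport $port -j $chain"
}

# The two clients and the port from the question.
allowlist_rules 2222 182.3.3.1 202.4.5.6
```

On CentOS 6, `service iptables save` writes the running rules to /etc/sysconfig/iptables so they survive a reboot.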



















