whitelist IP Addresses centos 6.10
How to allow specific IP addresses to a dport in iptables?
For example:
I have 2 clients: the first client's IP address is 182.3.3.1 and the second one's is 202.4.5.6, and I have a port, let's say 2222.
What I want is that only these IP addresses can access port 2222.
I wrote these rules:
iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT
What happens is only 1 address can access, and the other one is blocked.
What's wrong?
centos networking iptables
edited 15 hours ago
JucaPirama
asked 17 hours ago
pakar-indo
1 Answer
The way iptables processes rules is: grab a packet and try to match it against the ruleset, from top to bottom. If a rule matches, execute it and stop further processing (except for specific cases like when the target is another chain, LOG, RETURN, etc.).
Every chain also has a DEFAULT Policy (it's ACCEPT by default), which is what happens with a packet that does not match any rule.
Now, if you have two rules like this:
iptables -A INPUT -p tcp ! -s 182.3.3.1 --dport 2222 -j REJECT
iptables -A INPUT -p tcp ! -s 202.4.5.6 --dport 2222 -j REJECT
If you access from the IP 182.3.3.1, the first rule matches and is applied (by doing nothing, and the rule is treated by the chain DEFAULT Policy, which I believe is ACCEPT). In the second case, if the IP is 202.4.5.6, the first rule also matches and is applied (by REJECTing the access).
What you probably want is something like this (don't just type these rules on your system or you will lock yourself out!):
iptables -P INPUT DROP # Changes the INPUT Chain default policy to DROP
iptables -A INPUT -p tcp -s 182.3.3.1 --dport 2222 -j ACCEPT # Allows the access of IP 182.3.3.1
iptables -A INPUT -p tcp -s 202.4.5.6 --dport 2222 -j ACCEPT # Allows the access of IP 202.4.5.6
Understand that, by using these rules, you'll need to update your ruleset to allow access for other services (like allowing yourself to access SSH and other services on the server, thus the advice against locking yourself out of the server).
answered 16 hours ago
JucaPirama
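A small model of the first-match evaluation described in the answer above, as an added example that is not part of the original post. It assumes the INPUT chain holds only the listed rules; the `198.51.100.7` host, the port-22 probe and the final catch-all REJECT variant are constructed for illustration.

```python
# Added illustration: simplified model of first-match evaluation in one iptables chain.
from ipaddress import ip_address

def rule(target, src=None, negate=False, dport=None):
    """One simplified rule: optional (possibly negated) source and TCP dport match."""
    return {"target": target, "src": src, "negate": negate, "dport": dport}

def matches(r, src, dport):
    if r["dport"] is not None and r["dport"] != dport:
        return False
    if r["src"] is not None:
        same = ip_address(r["src"]) == ip_address(src)
        if same == r["negate"]:  # "! -s X" matches every source except X
            return False
    return True

def verdict(chain, policy, src, dport):
    """Target of the first matching rule; the chain policy if nothing matches."""
    for r in chain:
        if matches(r, src, dport):
            return r["target"]
    return policy

# The question's rules (policy assumed ACCEPT, chain otherwise empty).
NEGATED_PAIR = [rule("REJECT", "182.3.3.1", negate=True, dport=2222),
                rule("REJECT", "202.4.5.6", negate=True, dport=2222)]
# The answer's rules, used with policy DROP.
ALLOWLIST = [rule("ACCEPT", "182.3.3.1", dport=2222),
             rule("ACCEPT", "202.4.5.6", dport=2222)]
# Added variant (an assumption, not from the page): keep policy ACCEPT and
# close the port with a final catch-all REJECT for dport 2222 only.
ALLOW_THEN_REJECT = ALLOWLIST + [rule("REJECT", dport=2222)]

# Constructed probes: the two clients, an outside host, and SSH from that host.
PROBES = [("182.3.3.1", 2222), ("202.4.5.6", 2222),
          ("198.51.100.7", 2222), ("198.51.100.7", 22)]

def table(chain, policy):
    return {probe: verdict(chain, policy, *probe) for probe in PROBES}

if __name__ == "__main__":
    for name, chain, policy in [("negated pair", NEGATED_PAIR, "ACCEPT"),
                                ("allowlist + policy DROP", ALLOWLIST, "DROP"),
                                ("allowlist + final REJECT", ALLOW_THEN_REJECT, "ACCEPT")]:
        print(name)
        for (src, dport), v in table(chain, policy).items():
            print(f"  {src}:{dport} -> {v}")
```

The port-22 probe returning DROP under the policy-DROP ruleset is the lockout the answer warns about: an ACCEPT rule for SSH has to be in place before the policy is changed.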