
Lockdown port to specific ip address using iptables

As a basic security measure, services (daemons) that would otherwise accept connections from anyone (e.g. SSH, VNC) should be locked down so that only your own address, or a defined set of addresses, can reach them.

This is simple to do with iptables. First, you may wish to review your current rules with

sudo iptables -S

If the INPUT chain (INPUT is a chain of the filter table, not a table) already has rules that you want to flush (clear), run the command below. Be careful: if the chain's default policy is DROP (shown as the -P INPUT line in the output of iptables -S), flushing the chain cuts off every connection to the host, including the session you are typing in, so check the policy first.

sudo iptables -F INPUT

Now lock down the service. The first rule is inserted at the top of the INPUT chain (-I) so it is evaluated before anything else and accepts the port from your address only; the second is appended at the end (-A) so it drops the same port from every other source. Rules are matched top to bottom and the first match wins, so this order is what makes the pair work (-s 0.0.0.0/0 simply means "any IPv4 source" and could be omitted):

iptables -I INPUT -p tcp -s <your ip> --dport <your port> -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport <your port> -j DROP

So if I wish to lock down my SSH daemon, listening on port 2201, to my own address, here 203.0.113.10 (an RFC 5737 documentation address used as a placeholder; every octet of a real IPv4 address must be between 0 and 255, or iptables rejects it):

iptables -I INPUT -p tcp -s 203.0.113.10 --dport 2201 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 2201 -j DROP

Note: if you reach the service through a port forward that terminates on this host (for example an SSH tunnel), the connections arrive from localhost, so allow 127.0.0.1 in place of <your ip>. Two more things to keep in mind: rules added with iptables live only in kernel memory and are gone after a reboot, so persist them with iptables-save (or your distribution's netfilter-persistent); and iptables only governs IPv4, so if the host also has an IPv6 address, repeat the rules with ip6tables or the port stays open over IPv6. Afterwards, confirm with iptables -S INPUT that your ACCEPT sits above the DROP and that no earlier rule already accepts the port.
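The procedure above as one script, added here as an example and not code from the original post. It assumes hypothetical values (trusted address 203.0.113.10, an RFC 5737 documentation address, and sshd on TCP port 2201), validates the address before handing it to iptables, uses iptables -C so rerunning it does not stack duplicate rules, and keeps established connections allowed so a typo in the address does not drop the session you run it from. It defaults to a dry run that only prints the commands; run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not code from the original post: restrict a TCP port to
# one trusted source with iptables, idempotently, refusing malformed
# addresses before they reach iptables.
# Assumed (hypothetical) values: trusted address 203.0.113.10, an RFC 5737
# documentation address, and sshd listening on TCP port 2201.
set -eu

ALLOW_SRC="${ALLOW_SRC:-203.0.113.10}"
PORT="${PORT:-2201}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the iptables commands; 0 = apply them (needs root)

# Return 0 for a well-formed IPv4 address or CIDR (each octet 0-255,
# optional /0-32 prefix), 1 otherwise. iptables would reject something
# like 107.256.256.256 anyway, but failing early gives a clearer error.
valid_ipv4_cidr() {
  ip="${1%%/*}"
  case "$1" in */*) prefix="${1#*/}" ;; *) prefix=32 ;; esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  # digits and dots only, no leading/trailing/double dots
  case "$ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  set -- $(printf '%s' "$ip" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Run an iptables command, or just echo it in dry-run mode.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Add a rule only if it is not already present (-C exits 0 when the rule
# exists), so running the script twice does not stack duplicates.
# $1 is -I (insert at the top of the chain) or -A (append at the end).
ensure_rule() {
  how="$1"; shift
  if [ "$DRY_RUN" = 1 ] || ! iptables -C "$@" 2>/dev/null; then
    run "$how" "$@"
  fi
}

# Lock the port down to one source. Order matters: INPUT is evaluated top
# to bottom and the first match wins, so both ACCEPTs are inserted at the
# top and the catch-all DROP is appended at the end. The DROP carries no
# -s because omitting it matches every source, which is what 0.0.0.0/0 means.
lockdown() {
  src="$1"; port="$2"
  valid_ipv4_cidr "$src" || { echo "bad source address: $src" >&2; return 1; }
  # Packets belonging to connections this host already has stay allowed,
  # so a wrong $src does not kill the session you are typing this in.
  ensure_rule -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ensure_rule -I INPUT -p tcp -s "$src" --dport "$port" -j ACCEPT
  ensure_rule -A INPUT -p tcp --dport "$port" -j DROP
}

main() {
  lockdown "$ALLOW_SRC" "$PORT"
  # When really applied, show the chain so the ACCEPT is verifiably above the DROP.
  [ "$DRY_RUN" = 1 ] || iptables -S INPUT
}
main
```

The script only covers IPv4; on a dual-stack host run the same three rules through ip6tables with your IPv6 address, and persist both rule sets with iptables-save and ip6tables-save, otherwise they vanish at the next reboot.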

Published in Web Server