Lock down a port to a specific IP address using iptables
As a basic security measure, it is crucial that you lock down services (or daemons) that are reachable by anyone (e.g. SSH, VNC) so that only you, or a fixed group of users, can connect to them.
This is very simple to do. First, you may wish to check your existing iptables rules with
sudo iptables -S
If you already have rules in the INPUT chain and wish to flush (clear) them, run
sudo iptables -F INPUT
Now, to lock down the service (in this case a TCP service), add an ACCEPT rule for your own address and a DROP rule for everyone else:
sudo iptables -I INPUT -p tcp -s <your ip> --dport <your port> -j ACCEPT
sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport <your port> -j DROP
The order matters: -I inserts the ACCEPT at the top of the INPUT chain so it is evaluated first, and -A appends the DROP at the end so it only catches what nothing above it accepted. If an earlier rule already accepts all traffic to that port, the DROP never fires, which is why checking with iptables -S first is worthwhile.
So, if I wish to lock down my SSH server on port 2201 (the address below is a placeholder; real IPv4 octets run from 0 to 255):
sudo iptables -I INPUT -p tcp -s 107.256.256.256 --dport 2201 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 2201 -j DROP
Note: If you reach the service through port forwarding, you will need to allow localhost (127.0.0.1) in place of <your ip>. Rules added this way are also lost at reboot unless you save them (for example with iptables-save).
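The whole procedure above as an added example script (not from the original post): it validates the source address and port before building the ACCEPT/DROP pair, because an address with an octet above 255, like the placeholder in the SSH example, makes iptables reject the rule and leaves the port open. The helper names (valid_ipv4, valid_port, lockdown_rules, apply_lockdown), the documentation address 203.0.113.10 and the persistence path /etc/iptables/rules.v4 (the one used by iptables-persistent on Debian and Ubuntu) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds and optionally applies
# the ACCEPT/DROP pair that restricts one TCP port to one allowed source.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4() {
    addr=${1%/*}                 # address part
    prefix=${1#"$addr"}          # "" or "/N"
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in
        '') ;;
        /*) n=${prefix#/}
            case "$n" in ''|*[!0-9]*) return 1 ;; esac
            [ "${#n}" -le 2 ] && [ "$n" -le 32 ] || return 1 ;;
        *) return 1 ;;
    esac
    rest=$addr; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        # empty field (as in "1..2.3"), non-digits, or a value above 255 fails
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        if [ "$rest" = "$octet" ]; then rest=''; else rest=${rest#*.}; fi
    done
    [ "$count" -eq 4 ]
}

# Return 0 if $1 is a TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the two rules for allowed source $1 and port $2. -I puts the ACCEPT
# at the top of INPUT so it is evaluated first; -A puts the DROP at the end
# so it only catches traffic nothing above it accepted.
lockdown_rules() {
    valid_ipv4 "$1" || { echo "invalid source address: $1" >&2; return 1; }
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    printf 'iptables -I INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport %s -j DROP\n' "$2"
}

# Apply the rules (needs root) and save them so they survive a reboot.
# The save path is an assumption; adjust it for your distribution.
apply_lockdown() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_lockdown must run as root" >&2; return 1; }
    lockdown_rules "$1" "$2" | while IFS= read -r rule; do
        $rule || exit 1
    done || return 1
    iptables-save > /etc/iptables/rules.v4
}

# Usage:        sh lockdown.sh <allowed-ip> <port>     prints the rules
#       APPLY=1 sh lockdown.sh <allowed-ip> <port>     applies them as root
if [ $# -eq 2 ]; then
    if [ "${APPLY:-0}" = 1 ]; then apply_lockdown "$1" "$2"; else lockdown_rules "$1" "$2"; fi
fi
```

Running the script without APPLY=1 only prints the rules, so you can review the pair (and compare it against the output of sudo iptables -S) before anything touches the firewall.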