Tuesday, May 12, 2020

[Linux FAQ] How to allow a range of IPs with IPTABLES?

Source From Here
Question
Here is my iptables; how can I make it so that I can allow a range of IPs on ETH1 (10.51.x.x)?
# Generated by iptables-save v1.4.4 on Thu Jul  8 13:00:14 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
How-To
If you only want to allow a certain range of IP addresses inside of 10.50.0.0 (such as from 10.50.10.20 through 10.50.10.80) you can use the following command:
# iptables -A INPUT -i eth1 -m iprange --src-range 10.50.10.20-10.50.10.80 -j ACCEPT

If you want to allow the entire range you can use this instead:
# iptables -A INPUT -i eth1 -s 10.50.0.0/16 -j ACCEPT

See the iptables man page and this question on ServerFault: Whitelist allowed IPs (in/out) using iptables
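
A caveat on the answer's commands: iptables -A appends, so against the dump in the question the new ACCEPT rule would land after "-A INPUT -j REJECT" and never match. The following POSIX sh/awk script is an added example (not part of the ServerFault answer or the blog) that reads the question's iptables-save rules, embedded here as a constructed sample, and prints the equivalent "iptables -I INPUT <n>" command with <n> chosen just before the chain's first unconditional LOG/REJECT/DROP rule; it never runs iptables itself.

```sh
#!/bin/sh
# Added example, not from the ServerFault answer. "iptables -A" appends, so in the
# dump above an appended ACCEPT would land after "-A INPUT -j REJECT" and never
# match. This computes the rule number for "iptables -I INPUT <n>" from an
# iptables-save dump: just before the chain's first unconditional LOG/REJECT/DROP.
# Nothing here runs iptables; the command is only printed.

# Constructed sample: the rules from the question's iptables-save output.
DUMP='-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A fail2ban-ssh -j RETURN'

# insert_position DUMP CHAIN: 1-based number of the first rule in CHAIN with no
# address/interface/port match whose target is LOG, REJECT or DROP; if none,
# rule count + 1 (equivalent to -A).
insert_position() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == "-A" && $2 == chain {
            n++; target = ""; matched = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^(-s|-d|-i|-o|-p|--dport|--dports|--sport|--icmp-type)$/) matched = 1
            }
            if (!matched && target ~ /^(LOG|REJECT|DROP)$/) { print n; found = 1; exit }
        }
        END { if (!found) print n + 1 }'
}

# accept_range_cmd DUMP CHAIN IFACE FIRST-LAST: print the iptables command to run.
accept_range_cmd() {
    printf 'iptables -I %s %s -i %s -m iprange --src-range %s -j ACCEPT\n' \
        "$2" "$(insert_position "$1" "$2")" "$3" "$4"
}

accept_range_cmd "$DUMP" INPUT eth1 10.50.10.20-10.50.10.80
```

Placing the rule before the LOG rule (position 12 for this dump) also keeps accepted traffic out of the "iptables denied:" log entries.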

Supplement
How do I persist the iptables configuration on Ubuntu Server?
// Save and load iptables rules
# sudo iptables-save > iptables.conf
# sudo iptables-restore < iptables.conf

// Use iptables-persistent
# sudo apt install iptables-persistent
# sudo dpkg-reconfigure iptables-persistent

This message was edited 4 times. Last update was at 13/05/2020 07:56:27
