Block ALL IP exclude my IP with iptables
Posted by nashenas, 11-24-2010, 11:08 AM |
Hi there,
I have a backup server and I want to block ALL IPs except one IP.
Please help me to write the iptables rules.
OS is CentOS.
Thanks
|
Posted by kevinnivek, 11-24-2010, 11:40 AM |
Here are some rules to block all incoming/forwarded traffic, except traffic to port 22 from your IP:
# Drop all incoming traffic
iptables -P INPUT DROP
# Drop all forwarded traffic
iptables -P FORWARD DROP
# Allow all outgoing traffic
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp -m tcp -s xx.xx.xx.xx/32 --dport 22 -j ACCEPT
|
Posted by nashenas, 11-24-2010, 11:54 AM |
Thank you.
How can I add these rules at startup?
I want to execute these rules when my server reboots.
Thank you
|
Posted by MikeDVB, 11-24-2010, 11:55 AM |
You can put it in the rc.local file and they will execute on boot.
|
Posted by kevinnivek, 11-24-2010, 11:57 AM |
As MikeDVB suggested, adding it to startup is a good idea. You could also create a shell script file to execute them on demand.
It's always a good idea to clear all previous rules in the startup / script file (at the top, before all other directives):
#clear all rules
iptables -F
iptables -X
|
Posted by nashenas, 11-24-2010, 12:01 PM |
Thank you for your advice.
Where is rc.local?
|
Posted by kevinnivek, 11-24-2010, 12:07 PM |
It should be under /etc.
|
Posted by skullbox, 11-24-2010, 12:07 PM |
root@emerald [~]# locate rc.local
/etc/Muttrc.local
/etc/rc.local
/etc/rc.d/rc.local
|
Posted by khunj, 11-25-2010, 11:40 AM |
I would allow loopback too.
And keeping established/related connections (for OS upgrades etc) would be a good idea.
|
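The thread's pieces combined into one script that prints (and, on request, applies) the full rule set: kevinnivek's flush and SSH-from-one-IP rules plus khunj's loopback and ESTABLISHED,RELATED additions. This is an added example, not code posted by any participant; the `build_rules`/`count_rules` function names are mine, and `203.0.113.10` is a documentation-range placeholder for the trusted address. One point the thread leaves implicit: when you run this over SSH, the ACCEPT rules must go in before the INPUT policy is switched to DROP, otherwise the session you are typing in is cut off halfway through the script.

```shell
#!/bin/sh
# Constructed example for the thread above. ADMIN_IP is a placeholder
# (RFC 5737 documentation address); replace it with the one trusted IP.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"

# Print the rule set for one allowed address. Order matters on a remote
# box: ACCEPT rules are added first and the DROP policies set last, so an
# SSH session running this script survives it.
build_rules() {
    ip="$1"
    cat <<EOF
# Clear existing rules and user-defined chains
iptables -F
iptables -X
# Loopback traffic (local services talk to 127.0.0.1)
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened (yum, DNS, NTP ...)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH only from the one trusted address
iptables -A INPUT -p tcp -m tcp -s ${ip}/32 --dport 22 -j ACCEPT
# Default policies last, once the allow rules are in place
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Count the iptables commands in the generated rule set (sanity check
# before pasting it into /etc/rc.local).
count_rules() {
    build_rules "$1" | grep -c '^iptables '
}

# Default behaviour is a dry run that prints the rules; "apply" runs them,
# and only as root, since iptables needs it.
if [ "${1:-}" = "apply" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply requires root" >&2
        exit 1
    fi
    build_rules "$ADMIN_IP" | sh -e
else
    build_rules "$ADMIN_IP"
fi
```

Run it with no arguments to review the rules, then `ADMIN_IP=your.ip.here ./firewall.sh apply` as root; the printed form is also what you paste into /etc/rc.local so it is re-applied at boot.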