问题
I've never used iptables, and the documentation online seems a bit opaque.
I'd like to block all requests to port 8000 on my server except those coming from a specific IP address. How do I do that using iptables?
回答1:
This question should be on Server Fault. Nevertheless, the following should do the trick, assuming you're talking about TCP and the IP you want to allow is 1.2.3.4:
iptables -A INPUT -p tcp --dport 8000 -s 1.2.3.4 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP
回答2:
Another alternative is;
sudo iptables -A INPUT -p tcp --dport 8000 -s ! 1.2.3.4 -j DROP
I had similar issue that 3 bridged virtualmachine just need access eachother with different combination, so I have tested this command and it works well.
Edit**
According to Fernando comment and this link exclamation mark (
!) will be placed before than-sparameter:
sudo iptables -A INPUT -p tcp --dport 8000 ! -s 1.2.3.4 -j DROP
回答3:
You can always use iptables to delete the rules. If you have a lot of rules, just output them using the following command.
iptables-save > myfile
vi to edit them from the commend line. Just use the "dd" to delete the lines you no longer want.
iptables-restore < myfile and you're good to go.
REMEMBER THAT IF YOU DON'T CONFIGURE YOUR OS TO SAVE THE RULES TO A FILE AND THEN LOAD THE FILE DURING THE BOOT THAT YOUR RULES WILL BE LOST.
来源:https://stackoverflow.com/questions/7423309/iptables-block-access-to-port-8000-except-from-ip-address