Iptables Script to Block All Internet Access Except for Desired Applications

iptables block access to all ports except from a partial IP address

If you need to block all incoming traffic except a specific range, you should first change the default policy of the INPUT chain to DROP:

iptables --policy INPUT DROP

Then, give iptables a netmask so that a whole block of IP addresses is allowed with a single exception rule. For example, if you need to allow only 74.231.64.1, 74.231.64.2, and so on up to 74.231.64.255, you can use the following command:

iptables -A INPUT -s 74.231.64.0/24 -j ACCEPT

74.231.64.0/24 tells iptables to apply the same rule to every IP from 74.231.64.1 to 74.231.64.255. Similarly, you can widen this range by passing 74.231.0.0/16 or 74.0.0.0/8 instead.

IMPORTANT NOTE: Before applying this change, you had better have direct access to the system rather than access over the network, because a typo may lock you out of the server.

IPtables block range with exception

Do an ACCEPT before the DROP.

iptables -A OUTPUT -d 123.123.10.10 -j ACCEPT
iptables -A OUTPUT -d 123.123.1.1/16 -j DROP

That way, once a packet matches the first rule, it won't even be tested against the second.

How can I remove specific rules from iptables?

Execute the same commands but replace the "-A" with "-D". For example:

iptables -A ...

becomes

iptables -D ...
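The three answers above put together as one script. This is an added example, not one of the answers: it prints the iptables commands by default (IPT is set to "echo iptables") and only applies them when run as root with IPT=iptables. It uses the page's 74.231.64.0/24 and 123.123.x.x values (the /16 written as its network address, which is what iptables normalizes 123.123.1.1/16 to); the in_cidr helper, the ESTABLISHED,RELATED rule, and switching the policy to DROP only after the exceptions exist are my additions, the last two to avoid the lockout the note above warns about.

```shell
#!/bin/sh
# Added example, not taken from the answers above: the three answers as one
# dry-run script. IPT defaults to "echo iptables" so it only prints the
# commands; run as root with IPT=iptables to apply them for real.
IPT="${IPT:-echo iptables}"

# ip_to_int 74.231.64.5 -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr IP NET/BITS: succeeds when IP is inside the netmask, i.e. when
# an iptables -s or -d rule written with that mask would match the packet
in_cidr() {
    ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# One rule list drives both -A (add) and -D (delete), so the delete
# commands always match exactly what was added. Order matters: the single
# ACCEPT exception sits above the DROP of the surrounding /16, and the
# ESTABLISHED,RELATED rule (an addition) keeps replies to the server's own
# outbound connections from being dropped once the INPUT policy is DROP.
rules() {
    cat <<'EOF'
INPUT -i lo -j ACCEPT
INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
INPUT -s 74.231.64.0/24 -j ACCEPT
OUTPUT -d 123.123.10.10 -j ACCEPT
OUTPUT -d 123.123.0.0/16 -j DROP
EOF
}

# walk -A|-D : one iptables command per rule, in list order
walk() {
    rules | while read -r chain spec; do $IPT "$1" "$chain" $spec; done
}

# Policy goes to DROP only after the exceptions are in place, and back to
# ACCEPT before the rules are removed, so the box is never left unreachable.
apply_rules()  { walk -A; $IPT -P INPUT DROP; }
remove_rules() { $IPT -P INPUT ACCEPT; walk -D; }

apply_rules
```

Run it once to see the exact commands, then `IPT=iptables sh script.sh` as root to apply; `remove_rules` undoes them with the same rule text and -D, as the last answer describes.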
