I’m trying to block all inputs except specific IPs and my local IP. The ACCEPT works just fine, but the DROP doesn’t work. It goes right through.
iptables -A INPUT -p tcp --dport 8443 -s 192.168.8.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8443 -j DROP
Why doesn’t this work?
I think you can use only one iptables rule to do both:
iptables -A INPUT -p tcp ! -s 192.168.8.0/24 --dport 8443 -j DROP
Yes, I know, but I need to add more IPs, and I can’t share them of course, so that’s why I used the local IP command. But still, this should disable all incoming IPs except the local IP (and the others I enabled), right? Well, it’s not.
So, what happens to any other IP connection attempt?
If it gets through then maybe your accept isn’t working either.
Are you sure you’re using iptables and not ufw or something else? Is iptables active and working that you can verify?
@ElPres it’s active because there are rules in it.
But this just doesn’t work. I checked it on my 4G and could still connect to it using my external IP.
You’re right. My quick Google told me so.
I’m not a Linux expert. Google is your friend.
Have a read here: linux - iptables: allow certain ips and block all other connection - Unix & Linux Stack Exchange
And ensure you’ve set up iptables to save and reload your rules on server reboot.
This comment suggests having a default REJECT and allowing only what you want to allow.
Here’s an (untested!) example that blocks incoming connections only. Connections over the loopback interface, coming from 192.168.3.x, ICMP, or to the SSH port are allowed. All other connections are rejected.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.3.0/24 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j REJECT
Make sure you allow your SSH as well.
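As an added illustration (not from the thread or any of its posters): a small Python model of first-match evaluation in the INPUT chain, run over the ruleset above, the original two ACCEPT/DROP rules, and the single `! -s` rule. It models only the filter table's INPUT chain and never invokes iptables; that the connection actually traverses INPUT (rather than, say, FORWARD) is an assumption.

```python
import ipaddress

# Constructed first-match model of the filter-table INPUT chain (not iptables).
# A rule is a dict of match keys plus a target; absent keys are wildcards.
DEFAULT_REJECT = [
    {"state": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"},
    {"proto": "icmp", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"src": "192.168.3.0/24", "target": "ACCEPT"},
    {"iface": "lo", "target": "ACCEPT"},
    {"target": "REJECT"},  # catch-all; must stay last or it shadows the rest
]
# The two rules from the opening post: allow the LAN, drop everyone else on 8443.
OP_RULES = [
    {"proto": "tcp", "dport": 8443, "src": "192.168.8.0/24", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 8443, "target": "DROP"},
]
# The single "! -s" rule suggested in the first reply.
ONE_RULE = [{"proto": "tcp", "dport": 8443, "src": "192.168.8.0/24",
             "src_negate": True, "target": "DROP"}]

def matches(rule, pkt):
    """True if every match in `rule` holds for `pkt`."""
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    if "dport" in rule and pkt.get("dport") != rule["dport"]:
        return False
    if "iface" in rule and pkt["iface"] != rule["iface"]:
        return False
    if "src" in rule:
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
        if in_net == rule.get("src_negate", False):  # "! -s" flips the sense
            return False
    return True

def verdict(ruleset, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides, else the chain policy."""
    for rule in ruleset:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def packet(src, proto="tcp", dport=None, iface="eth0", state="NEW"):
    """Constructed packet summary; addresses below are documentation ranges."""
    return {"src": src, "proto": proto, "dport": dport, "iface": iface, "state": state}

if __name__ == "__main__":
    for name, rules in (("default-reject", DEFAULT_REJECT), ("op", OP_RULES), ("one-rule", ONE_RULE)):
        for p in (packet("203.0.113.7", dport=8443), packet("192.168.3.9", dport=8443),
                  packet("192.168.8.5", dport=8443), packet("127.0.0.1", iface="lo", dport=8443)):
            print(name, p["src"], "->", verdict(rules, p))
```

Reversing `DEFAULT_REJECT` puts the catch-all first and rejects everything, which is the ordering mistake to check for with `iptables -S INPUT` before blaming a single rule.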
Looks like you’ve used -m tcp where the examples have -m state.
Have you reviewed the iptables portion of the GitHub wiki?