Will this block access to all but the specified IP address?

I have a linode for running vulnerable websites and services for testing. I have set iptables to require use of a proxy linode to access the linode.

Will this restrict all access to the linode to the one IP address?

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT

iptables -A INPUT -s 173.255.192.138 -j ACCEPT

iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

2 Replies

That depends on what rules existed in the INPUT chain before those commands are executed. The "iptables -A" command appends the rule to the given chain, so rules that existed earlier will be processed first. Remember that iptables rules are processed sequentially, so order matters.

Run "iptables -L -n" to get a complete dump of all chains and post the result here.

Oh, and you should always test using "nmap " from both 173.255.192.138 and an external IP to ensure it actually works.

I'm using nmap from another linode, and it seems to think it is down. Sounds like it's working.
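The rule-order point from the first reply, as an added example that is not part of the original thread: a shell function that walks `iptables -S INPUT` output in first-match order and flags any ACCEPT rule, reachable before the catch-all DROP, that admits sources other than the allowed IP. The function name and the sample listing (including the older SSH rule) are constructed; it assumes simple rules with no `!` negation and no jumps to user-defined chains.

```shell
#!/bin/sh
# Added example (not from the thread). Audits `iptables -S INPUT` output using
# first-match order. Assumes simple rules: no "!" negation, no user chains.
audit_input_chain() {   # $1 = the one allowed source IP; stdin = rule listing
    awk -v allow="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || closed { next }  # nothing matches after a catch-all
    {
        n++; src = iface = state = target = ""; bare = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") { target = $(i + 1); bare = (i == 3); break }
        }
        if (target == "ACCEPT") {
            if (src == allow || src == (allow "/32")) { allowed = 1; next }
            if (iface == "lo") next                    # loopback
            if (state != "" && state !~ /NEW/) next    # replies to existing flows
            printf "OPEN rule %d: %s\n", n, $0; bad++
        } else if (bare && (target == "DROP" || target == "REJECT")) {
            closed = 1
            if (!allowed) { printf "LOCKOUT rule %d: drops all before %s is accepted\n", n, allow; bad++ }
        }
    }
    END {
        if (!closed && policy != "DROP") { print "OPEN: no catch-all DROP and policy is not DROP"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed listing: the question's rules appended after an older SSH rule.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 173.255.192.138/32 -j ACCEPT
-A INPUT -j DROP'

# Demo run on the constructed listing; prints the SSH rule as a finding.
printf '%s\n' "$SAMPLE_APPENDED" | audit_input_chain 173.255.192.138 || true
```

On the host itself, run `iptables -S INPUT | audit_input_chain 173.255.192.138`; a non-zero exit status means at least one finding was printed.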
