View previous topic :: View next topic |
Author |
Message |
voncloft Tux's lil' helper
Joined: 29 Jan 2014 Posts: 99
|
Posted: Wed Feb 14, 2018 2:05 am Post subject: Allow IP from specific IP in iptables |
|
|
I have the following iptbables configuration:
Code: |
# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*mangle
:PREROUTING ACCEPT [557:53241]
:INPUT ACCEPT [515:50118]
:FORWARD ACCEPT [40:2855]
:OUTPUT ACCEPT [357:38920]
:POSTROUTING ACCEPT [397:41775]
COMMIT
# Completed on Tue Feb 13 21:00:21 2018
# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*filter
:INPUT ACCEPT [72:15542]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [334:35678]
[79:4788] -A INPUT -i wlp5s0 -j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[364:29788] -A INPUT -i enp0s10 -j ACCEPT
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 222 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 4040 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 7000 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 10000 -j ACCEPT
[0:0] -A INPUT ! -i enp0s10 -p tcp -m tcp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i wlp5s0 -p tcp -m tcp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 0:1023 -j DROP
[0:0] -A INPUT -s 192.168.1.0/24 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i wlp5s0 -j DROP
[0:0] -A FORWARD -d 192.168.1.0/24 -i enp0s10 -j DROP
[22:1596] -A FORWARD -s 192.168.1.0/24 -i enp0s10 -j ACCEPT
[0:0] -A FORWARD -d 192.168.1.0/24 -i enp4s0 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i enp4s0 -j ACCEPT
[0:0] -A FORWARD -s 192.168.42.0/24 -i wlp5s0 -j ACCEPT
[18:1259] -A FORWARD -d 192.168.1.0/24 -i tun0 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i tun0 -j ACCEPT
[0:0] -A OUTPUT -o enp4s0 -m owner --uid-owner 109 -j DROP
[0:0] -A OUTPUT -o enp4s0 -m owner --uid-owner 1000 -j DROP
[0:0] -A OUTPUT -o tun0 -m owner --uid-owner 109 -j ACCEPT
[23:3242] -A OUTPUT -o tun0 -m owner --uid-owner 1000 -j ACCEPT
COMMIT
# Completed on Tue Feb 13 21:00:21 2018
# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*nat
:PREROUTING ACCEPT [15:1048]
:INPUT ACCEPT [13:780]
:OUTPUT ACCEPT [30:3187]
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o enp4s0 -j MASQUERADE
[30:3187] -A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 13 21:00:21 2018
|
I seem to have locked myself out on my lan from user 1000......how do I allow myself into my website on my lan but still block it on the outside? |
|
Back to top |
|
|
voncloft Tux's lil' helper
Joined: 29 Jan 2014 Posts: 99
|
Posted: Wed Feb 14, 2018 2:08 am Post subject: |
|
|
Nevermind I realized my vpn was on and my client pc was using googles dns instead of my own 192.168.1.1.
Forget I said anything. |
|
Back to top |
|
|
|