Gentoo Forums
Allow IP from specific IP in iptables
voncloft
Tux's lil' helper
Joined: 29 Jan 2014
Posts: 99

PostPosted: Wed Feb 14, 2018 2:05 am    Post subject: Allow IP from specific IP in iptables

I have the following iptables configuration:

Code:

# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*mangle
:PREROUTING ACCEPT [557:53241]
:INPUT ACCEPT [515:50118]
:FORWARD ACCEPT [40:2855]
:OUTPUT ACCEPT [357:38920]
:POSTROUTING ACCEPT [397:41775]
COMMIT
# Completed on Tue Feb 13 21:00:21 2018
# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*filter
:INPUT ACCEPT [72:15542]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [334:35678]
[79:4788] -A INPUT -i wlp5s0 -j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[364:29788] -A INPUT -i enp0s10 -j ACCEPT
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 222 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 4040 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 7000 -j ACCEPT
[0:0] -A INPUT -i enp4s0 -p tcp -m tcp --dport 10000 -j ACCEPT
[0:0] -A INPUT ! -i enp0s10 -p tcp -m tcp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i enp0s10 -p udp -m udp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT ! -i wlp5s0 -p tcp -m tcp --dport 0:1023 -j DROP
[0:0] -A INPUT ! -i wlp5s0 -p udp -m udp --dport 0:1023 -j DROP
[0:0] -A INPUT -s 192.168.1.0/24 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i wlp5s0 -j DROP
[0:0] -A FORWARD -d 192.168.1.0/24 -i enp0s10 -j DROP
[22:1596] -A FORWARD -s 192.168.1.0/24 -i enp0s10 -j ACCEPT
[0:0] -A FORWARD -d 192.168.1.0/24 -i enp4s0 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i enp4s0 -j ACCEPT
[0:0] -A FORWARD -s 192.168.42.0/24 -i wlp5s0 -j ACCEPT
[18:1259] -A FORWARD -d 192.168.1.0/24 -i tun0 -j ACCEPT
[0:0] -A FORWARD -d 192.168.42.0/24 -i tun0 -j ACCEPT
[0:0] -A OUTPUT -o enp4s0 -m owner --uid-owner 109 -j DROP
[0:0] -A OUTPUT -o enp4s0 -m owner --uid-owner 1000 -j DROP
[0:0] -A OUTPUT -o tun0 -m owner --uid-owner 109 -j ACCEPT
[23:3242] -A OUTPUT -o tun0 -m owner --uid-owner 1000 -j ACCEPT
COMMIT
# Completed on Tue Feb 13 21:00:21 2018
# Generated by iptables-save v1.6.1 on Tue Feb 13 21:00:21 2018
*nat
:PREROUTING ACCEPT [15:1048]
:INPUT ACCEPT [13:780]
:OUTPUT ACCEPT [30:3187]
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o enp4s0 -j MASQUERADE
[30:3187] -A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 13 21:00:21 2018

I seem to have locked myself out on my LAN from user 1000... how do I allow myself into my website on my LAN but still block it on the outside?
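To see what the posted INPUT chain does to a given packet without touching a live box, here is a small first-match evaluator, added as an example and not the poster's or the iptables project's code; it assumes a constructed subset of the rules above and describes a packet as a plain dict (iif, proto, src, dport). It also shows the caveat that the INPUT policy is ACCEPT, so anything no rule catches (for example TCP to an unprivileged port arriving on enp4s0) is let through.

```python
import ipaddress
import shlex
# Constructed copy of the INPUT chain from the ruleset posted above (counters stripped;
# the lo, wlp5s0-specific and several per-port ACCEPT rules omitted). First match wins.
INPUT_RULES = """
-A INPUT -i wlp5s0 -j ACCEPT
-A INPUT -i enp0s10 -j ACCEPT
-A INPUT ! -i enp0s10 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i enp0s10 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i enp4s0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT ! -i enp0s10 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT ! -i enp0s10 -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -s 192.168.1.0/24 -j ACCEPT
"""
INPUT_POLICY = "ACCEPT"  # ":INPUT ACCEPT" in the posted *filter table
def parse_rule(line):
    """One iptables-save line -> {option: value}; '!'-negated options are listed in 'neg'."""
    toks, rule, i = shlex.split(line), {"neg": set()}, 0
    while i < len(toks):
        if toks[i] == "!":
            rule["neg"].add(toks[i + 1])
        elif toks[i] in ("-i", "-s", "-p", "--dport", "-j"):
            rule[toks[i]] = toks[i + 1]
            i += 1
        i += 1
    return rule
def port_in(spec, port):
    # spec is an iptables port spec such as '80' or '0:1023'; None means "any port"
    if spec is None:
        return True
    if port is None:
        return False
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)
def matches(rule, pkt):
    """Every option present in the rule must match the packet (inverted when negated)."""
    def check(opt, ok):
        return opt not in rule or ok != (opt in rule["neg"])
    src_net = ipaddress.ip_network(rule.get("-s", "0.0.0.0/0"))
    return (check("-i", pkt["iif"] == rule.get("-i"))
            and check("-p", pkt["proto"] == rule.get("-p"))
            and check("-s", ipaddress.ip_address(pkt["src"]) in src_net)
            and check("--dport", port_in(rule.get("--dport"), pkt.get("dport"))))
def verdict(pkt, rules=INPUT_RULES, policy=INPUT_POLICY):
    """Walk the chain top to bottom; the first matching rule's target is the verdict."""
    for line in rules.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["-j"]
    return policy
```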
voncloft
PostPosted: Wed Feb 14, 2018 2:08 am    Post subject:

Never mind, I realized my VPN was on and my client PC was using Google's DNS instead of my own 192.168.1.1.

Forget I said anything.