Iptables to reject all INPUT and OUTPUT except specific hosts

Question:

I have created a zone in my LAN, where I have given 11 servers a DNS address. But someone has connected 3 more (these three have only an IP, not a DNS address), and I don't want to remove all servers to find out which ones they are.

Is there a way to make sure that only the servers with a DNS address provided by me are granted access to the internet? (block input and output)

Answer:

Reject all outgoing traffic whose source IP address is not 222.111.111.222:

iptables -A OUTPUT -t filter ! -s 222.111.111.222 -j REJECT

Reject all incoming traffic whose destination IP address is not 222.111.111.222:

iptables -A INPUT -t filter ! -d 222.111.111.222 -j REJECT

Note that instead of the IP address 222.111.111.222 you can supply a hostname such as pc1 or pc2. However, when the rule is applied, iptables automatically resolves the hostname into an IP address, and that IP address is used instead.

Furthermore, you can supply a range of IP addresses in a single iptables rule. However, I do not know whether your hosts are arranged in some systematic way that would let you apply such a rule in your scenario.
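The rules above allow exactly one address. As an added example (not part of the original answer), the following shell script generalizes this to several allowed hosts, as with the 11 servers in the question: it prints one ACCEPT rule per address or range, followed by a single catch-all REJECT. The function names, the use of the iprange match for ranges, and the 192.0.2.x addresses are choices of this example; the addresses are constructed samples.

```shell
#!/bin/sh
# Added example: prints iptables commands; it does not apply them.
# Addresses are constructed samples from the 192.0.2.0/24 documentation range.

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
    return 0
}

# gen_allowlist CHAIN DIR ENTRY...
#   CHAIN  built-in chain, e.g. OUTPUT or INPUT
#   DIR    src (match source address) or dst (match destination address)
#   ENTRY  one IPv4 address, or START-END for the iprange match
# Hostnames are refused: iptables resolves them once, when the rule is inserted.
gen_allowlist() {
    chain=$1; dir=$2; shift 2
    case "$dir" in
        src) flag=-s ;;
        dst) flag=-d ;;
        *) echo "DIR must be src or dst" >&2; return 1 ;;
    esac
    # Validate everything first so a bad entry never yields a partial rule set.
    for entry in "$@"; do
        is_ipv4 "${entry%%-*}" && is_ipv4 "${entry#*-}" ||
            { echo "bad entry: $entry" >&2; return 1; }
    done
    for entry in "$@"; do
        case "$entry" in
            *-*) echo "iptables -A $chain -m iprange --${dir}-range $entry -j ACCEPT" ;;
            *)   echo "iptables -A $chain $flag $entry -j ACCEPT" ;;
        esac
    done
    # One catch-all REJECT after the ACCEPTs; a "! -s" REJECT per host would
    # also reject every other allowed host.
    echo "iptables -A $chain -j REJECT"
}

gen_allowlist OUTPUT src 192.0.2.10 192.0.2.20-192.0.2.27
gen_allowlist INPUT dst 192.0.2.10 192.0.2.20-192.0.2.27
```

The output can be reviewed and then run as root; the order matters, because the final REJECT must come after every ACCEPT in the chain.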
