0

Below is the rule that I added to my iptables. Still, the result of the rules below is that ssh is blocked from everywhere.

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  1.2.3.4              anywhere             tcp dpt:ssh
    DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             1.2.3.4              tcp dpt:ssh

Manikandan Ram
  • This command makes sense if the global policy is to drop packets, and you open that IP address for ssh traffic only. – natxo asenjo Feb 25 '20 at 17:25
  • Sorry for the typo error, @natxoasenjo, I corrected the que... I put the same but it is not working out for a specific IP. If I type iptables -I INPUT -p tcp --dport 22 -j DENY to deny everything, it is working. Don't know where I am making a mistake – Manikandan Ram Feb 26 '20 at 04:34

1 Answer

2

That command is to explicitly allow (ACCEPT) connections from a given IP address.

Change the -j ACCEPT to -j DROP to deny access.

This will also depend on what your default action is.

hardillb
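As an added illustration (not code from the question or the answer), the following Python model parses a chain in the `iptables -L` format shown in the question and evaluates a packet the way the answer describes: the first matching rule decides, and the chain policy applies when nothing matches. The listing, the `PORTS` map, the function names and the 203.0.113.7 test address are constructed for this example, and only protocol, source address and destination port are modelled.

```python
import ipaddress

# Constructed listing mirroring the INPUT chain from the question.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  1.2.3.4              anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
"""

PORTS = {"ssh": 22}  # service names as printed when -n is not used


def parse_chain(text):
    """Return (default_policy, rules) for one chain of `iptables -L` output."""
    lines = [l for l in text.splitlines() if l.strip()]
    policy = lines[0].split("policy")[1].strip(" )")
    rules = []
    for line in lines[2:]:  # skip the chain line and the column header
        f = line.split()
        target, proto, src = f[0], f[1], f[3]
        dpt = next((x[4:] for x in f[5:] if x.startswith("dpt:")), None)
        rules.append({
            "target": target,
            "proto": proto,
            "src": None if src == "anywhere" else ipaddress.ip_network(src),
            "dport": None if dpt is None else PORTS.get(dpt) or int(dpt),
        })
    return policy, rules


def verdict(policy, rules, src, proto, dport):
    """First matching rule wins; with no match the chain policy applies."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["proto"] not in (proto, "all"):
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return policy


if __name__ == "__main__":
    policy, rules = parse_chain(LISTING)
    for src, port in [("1.2.3.4", 22), ("203.0.113.7", 22), ("203.0.113.7", 80)]:
        print(src, port, verdict(policy, rules, src, "tcp", port))
```

Reversing the two rules makes the DROP match first for every source, and changing the policy to DROP changes the result for traffic that no rule mentions.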