How to close certain TCP/UDP ports (incoming) for ALL networks except listed through IPTABLES

Question

How to close certain TCP/UDP ports (incoming) for ALL networks except listed through IPTABLES.

I have a small set of NETWORKS I'd like to leave THE ports to be open. But want to close for all other networks.

Thank you!

Can you please clarify your question? You can give an example if possible. — Khaled, Nov 25 '10 at 08:17

score 0 · Accepted Answer · answered Nov 25 '10 at 10:35

0

Simply put an ACCEPT rule before you DROP/REJECT. For example

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

will allow connection to TCP port 80 from 192.168.1.0/24 network while dropping all other connections to the port.

answered Nov 25 '10 at 10:35

Daniele Santi

// , If there are existing TCP connections on the DROPped ports, though, will this drop them? – Nathan Basanese Jun 22 '16 at 23:56

score 0 · Answer 2 · answered Nov 25 '10 at 16:03

Set accept rules for all of the traffic that you want to allow through and then have a deny rule for everything else.

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

Allows traffic to port 80 and rejects everything else.

2 Answers2