General Question


What's the easiest way to restrict access to a specific port on Ubuntu?

Asked by prince (322 points) June 10th, 2008

I’m looking for a command-line tool to restrict a port to a list of IPs, all within the same domain. This needs to be really easy to modify the list of IPs—and if it’s based on the domain, it has to be very fast. iptables?


3 Answers

mindstorms's avatar

i have heard iptables is the way to go…. i’ll see if i can’t find some resources….

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

looks to be a pretty long resource, if you need more help, let me know….

xyzzy's avatar

Iptables is exactly what you want:

https://help.ubuntu.com/community/IptablesHowTo

something like this:

# allow access to that port only from specific IP addresses
sudo iptables -A INPUT -p tcp --dport YOUR_PORT_NUMBER -s IPADDRESS1 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport YOUR_PORT_NUMBER -s IPADDRESS2 -j ACCEPT

etc.

# by default for everyone else, block all access to that port
sudo iptables -A INPUT -p tcp --dport YOUR_PORT_NUMBER -j REJECT

note if the IP addresses are contiguous, you can specify a mask along with the IP address. For example, 192.168.0.1/30 will match 192.168.0.0 – 192.168.0.3.

be sure to read the section on “Configuration on startup” in the above link, as iptables does not load automatically on startup or reboot.
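
An added example (not written by any poster in this thread) for the asker's requirement that the list be easy to modify: it reads allowed addresses from a file, validates each one, and prints iptables commands that rebuild a dedicated chain for the port. The chain name `ALLOW_<port>`, the file format and the function names are assumptions made for this example.

```shell
# Added example: build iptables commands for one TCP port from an allowlist
# file. Chain name, file format and function names are assumptions.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr   # addr is digits and dots only, so this just splits on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print commands that rebuild chain ALLOW_<port> from list file $2 (one
# address[/prefix] per line; blanks and "#" comments ignored). A malformed
# entry aborts with status 1 and no output, so a typo never half-applies.
gen_port_rules() {
    port=$1; list=$2; chain="ALLOW_$1"; rules=""
    [ -r "$list" ] || return 1
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        valid_ipv4_cidr "$entry" || { echo "bad entry: $line" >&2; return 1; }
        rules="$rules
iptables -A $chain -s $entry -j ACCEPT"
    done < "$list"
    # Create the chain, or empty it if it already exists, then refill it.
    printf 'iptables -N %s 2>/dev/null || iptables -F %s%s\n' "$chain" "$chain" "$rules"
    # Final rule: any source not accepted above is rejected.
    printf 'iptables -A %s -j REJECT\n' "$chain"
    # Hook the chain into INPUT once; -C tests whether the jump already exists.
    printf 'iptables -C INPUT -p tcp --dport %s -j %s 2>/dev/null || ' "$port" "$chain"
    printf 'iptables -I INPUT -p tcp --dport %s -j %s\n' "$port" "$chain"
}

# Constructed sample allowlist (RFC 5737 documentation addresses).
sample_list() {
    printf '%s\n' '# office' '192.0.2.10' '' '198.51.100.0/30   # vpn range'
}
# Usage (assumed path): gen_port_rules 8080 /etc/port8080.allow | sudo sh
```

Review the printed commands before piping them to a root shell. Because the ACCEPT rules and the final REJECT live in their own chain, editing the file and re-running never leaves an ACCEPT appended after the REJECT.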

Vincentt's avatar

Ubuntu 8.04 has a new application called “ufw” (uncomplicated firewall) which is supposed to be a lot easier to set up. I haven’t tried it myself though (I prefer using graphical applications but even then I have no idea what to do in Firestarter).
