This article focuses on explaining the specific method of restricting port access to only specified IPs under Linux. Friends in need can refer to it.
$ iptables -I INPUT -p tcp --dport 80 -j DROP $ iptables -I INPUT -p tcp -s 1.2.3.4 --dport 80 -j ACCEPT
Only 1.2.3.4
is allowed to access port 80 of the local host.
For services running like docker run -d -p 80:80 shaowenchen/demo-whoami
, the above method is invalid and you need to add rules in the DOCKER-USER chain.
Docker will add iptables rules to the DOCKER chain. If you need to add rules before Docker, you need to add them to the DOCKER-USER chain
$ iptables -I DOCKER-USER -i ens192 ! -s 1.2.3.4 -p tcp --dport 80 -j DROP
ens192 is the local network card. Only 1.2.3.4
is allowed to access port 80 of the local host.
$ yum install -y iptables-services $ systemctl restart iptables.service
If you need the iptables settings to remain valid after the host is restarted, you need to install iptables-services
and save
$ yum install -y iptables-services $ service iptables save
The above is the detailed content of How to restrict port access to only specified IPs in Linux. For more information, please follow other related articles on the PHP Chinese website!