
How to restrict port access to only specified IPs in Linux

WBOY
Release: 2024-02-09 17:54:11

This article explains how to restrict access to a port on Linux so that only specified IP addresses can reach it.


Host service port

$ iptables -I INPUT -p tcp --dport 80 -j DROP
$ iptables -I INPUT -p tcp -s 1.2.3.4 --dport 80 -j ACCEPT

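Because -I inserts each rule at the top of the chain, the ACCEPT rule added second ends up above the DROP rule. Only 1.2.3.4 is allowed to access port 80 of the local host.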

Docker service port

For a service started with a published port, such as docker run -d -p 80:80 shaowenchen/demo-whoami, the above method does not work: traffic to a published port is forwarded to the container instead of passing through the INPUT chain. The rules must be added to the DOCKER-USER chain.

Docker adds its own iptables rules to the DOCKER chain. Rules that must be evaluated before Docker's go in the DOCKER-USER chain:

$ iptables -I DOCKER-USER -i ens192 ! -s 1.2.3.4 -p tcp --dport 80 -j DROP

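ens192 is the local network interface; substitute the name of your own. The rule drops TCP traffic to port 80 arriving on that interface from any source other than 1.2.3.4, so only 1.2.3.4 is allowed to access port 80 of the local host.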
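Both rule sets above depend on first-match order, so it is worth checking a listing before relying on it. The script below is an added example, not part of the original article: the function names verdict and allowlist_ok are hypothetical, the three listings are constructed samples in `iptables -S` format, and 203.0.113.9 is a documentation address standing in for any other client.

```shell
#!/bin/sh
# Added example (not from the article). verdict/allowlist_ok are hypothetical names.
# verdict CHAIN SRC DPORT: read `iptables -S` output on stdin and print the target
# of the first rule in CHAIN matching a TCP packet from SRC to DPORT.
# Handles only the matches used on this page ([!] -s single host, -p, --dport);
# -i and CIDR ranges are not evaluated.
verdict() {
    awk -v chain="$1" -v src="$2" -v dport="$3" '
    $1 == "-A" && $2 == chain {
        ok = 1; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }
            if ($i == "-s") {
                ip = $(i + 1); sub(/\/32$/, "", ip)
                hit = (ip == src); if (neg) hit = !hit
                if (!hit) ok = 0
                i++
            } else if ($i == "-p") { if ($(i + 1) != "tcp") ok = 0; i++ }
            else if ($i == "--dport") { if ($(i + 1) != dport) ok = 0; i++ }
            else if ($i == "-j") { target = $(i + 1); i++ }
            neg = 0
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "NOMATCH" }'
}

# allowlist_ok RULES CHAIN ALLOWED_IP DPORT: succeeds when ALLOWED_IP is not
# dropped and another source (203.0.113.9, a documentation address) is.
allowlist_ok() {
    a=$(printf '%s\n' "$1" | verdict "$2" "$3" "$4")
    o=$(printf '%s\n' "$1" | verdict "$2" 203.0.113.9 "$4")
    [ "$a" != DROP ] && [ "$o" = DROP ]
}

# Constructed listings in `iptables -S` format.
GOOD_INPUT='-P INPUT ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'
BAD_INPUT='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 80 -j ACCEPT'
DOCKER_USER='-N DOCKER-USER
-A DOCKER-USER ! -s 1.2.3.4/32 -i ens192 -p tcp -m tcp --dport 80 -j DROP
-A DOCKER-USER -j RETURN'

allowlist_ok "$GOOD_INPUT" INPUT 1.2.3.4 80 && echo "INPUT, ACCEPT above DROP: ok"
allowlist_ok "$BAD_INPUT" INPUT 1.2.3.4 80 || echo "INPUT, DROP above ACCEPT: 1.2.3.4 is blocked"
allowlist_ok "$DOCKER_USER" DOCKER-USER 1.2.3.4 80 && echo "DOCKER-USER: ok"
```

On a live host, pipe the real listing in, for example `iptables -S INPUT | verdict INPUT 1.2.3.4 80`.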

Clean up the environment

$ yum install -y iptables-services
$ systemctl restart iptables.service

If the iptables settings need to remain in effect after the host is restarted, install iptables-services and save the rules:

$ yum install -y iptables-services
$ service iptables save


source:lxlinux.net