I have several network interfaces in my server. What I need is a rule which does all of the following:
1. will block all traffic...
2. ...only on interface enp2s0...
3. ... and ONLY if this interface's IP is in the range of 192.168.11.x
4. It needs to allow any traffic if this interface's IP is 192.168.7.x (but it is not necessary to exclude every other IP range with the exception of the one from point 3.)
Is such a rule even possible?
Of course it's possible to do what you want - iptables is very flexible.
Remember that the rules are interpreted in strict order - this is very important. See the rules in order:
iptables-save
Problem number 1 of 1: You haven't stated what you want in an easily-understandable, unambiguous way
iptables -A OUTPUT -o enp2s0 -d 192.168.11.0/24 -j REJECT
iptables -A OUTPUT -o enp2s0 -d 192.168.7.0/24 -j ACCEPT
iptables -P OUTPUT ACCEPT
Is that what you meant? See iptables(8).
Problem number 1 of 1: You haven't stated what you want in an easily-understandable, unambiguous way
I am surprised you find it ambiguous, as I went to some lengths to make it easily understandable and unambiguous. What in particular did you find confusing?
@EscapedNull,
Yes, kind of. But I am more concerned about blocking INPUT than OUTPUT traffic.
Did I get this right?
iptables -A OUTPUT -o enp2s0 -d 192.168.11.0/24 -j REJECT
iptables -A OUTPUT -o enp2s0 -d 192.168.7.0/24 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i enp2s0 -d 192.168.11.0/24 -j REJECT
iptables -A INPUT -i enp2s0 -d 192.168.7.0/24 -j ACCEPT
iptables -P INPUT ACCEPT
Will it not restrict traffic from, say, 192.168.9.0/24?
iptables -A INPUT -i enp2s0 -d 192.168.7.0/24 -j ACCEPT
iptables -P INPUT ACCEPT
It's pointless to ACCEPT, as the final rule, when the default (i.e. "policy") is to accept anyway.
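As an added illustration that is not part of this thread, here is a small Python model of how iptables walks a chain: first matching rule wins, the chain policy applies only when nothing matched. Run over the INPUT/OUTPUT rules quoted above plus constructed sample packets, it shows that 192.168.9.0/24 is left alone, that the trailing ACCEPT rules change no verdict once the policy is ACCEPT, and, going one step beyond the thread, how a broad REJECT appended before a narrow ACCEPT shadows it. The second interface name (enp3s0) and the packet addresses are made up for the example.

```python
import ipaddress
from collections import namedtuple

# chain: INPUT/OUTPUT; iface: -i or -o match; dst: -d CIDR; target: ACCEPT/REJECT.
Rule = namedtuple("Rule", "chain iface dst target")

# The rules posted in the thread, in the order they are appended with -A.
RULES = [
    Rule("OUTPUT", "enp2s0", "192.168.11.0/24", "REJECT"),
    Rule("OUTPUT", "enp2s0", "192.168.7.0/24", "ACCEPT"),
    Rule("INPUT", "enp2s0", "192.168.11.0/24", "REJECT"),
    Rule("INPUT", "enp2s0", "192.168.7.0/24", "ACCEPT"),
]
POLICY = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT"}  # iptables -P <chain> ACCEPT

def verdict(chain, iface, dst, rules=RULES, policy=POLICY):
    """Walk the chain top to bottom: the first matching rule decides,
    and the chain policy applies only when no rule matched."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if r.chain != chain or (r.iface and r.iface != iface):
            continue
        if r.dst and addr not in ipaddress.ip_network(r.dst):
            continue
        return r.target
    return policy[chain]

# Constructed sample packets: (chain, interface, destination address).
SAMPLE_PACKETS = [
    ("INPUT", "enp2s0", "192.168.11.20"),  # blocked range on the watched interface
    ("INPUT", "enp2s0", "192.168.7.20"),   # allowed range on the watched interface
    ("INPUT", "enp2s0", "192.168.9.20"),   # the range the thread asks about
    ("INPUT", "enp3s0", "192.168.11.20"),  # blocked range, but another interface (made up)
    ("OUTPUT", "enp2s0", "192.168.11.20"),
    ("OUTPUT", "enp2s0", "10.0.0.9"),
]

# The same rule set minus its ACCEPT rules, as the last reply suggests.
TRIMMED = [r for r in RULES if r.target != "ACCEPT"]

def same_verdicts(rules_a, rules_b, packets=SAMPLE_PACKETS):
    """True when both rule sets give identical verdicts for every packet."""
    return all(verdict(*p, rules=rules_a) == verdict(*p, rules=rules_b)
               for p in packets)

# Order matters: a broad REJECT appended before a narrow ACCEPT shadows it.
BROAD_FIRST = [Rule("OUTPUT", "enp2s0", "192.168.0.0/16", "REJECT"),
               Rule("OUTPUT", "enp2s0", "192.168.7.0/24", "ACCEPT")]
NARROW_FIRST = list(reversed(BROAD_FIRST))
```

Call `verdict("INPUT", "enp2s0", "192.168.9.20")` to see the 192.168.9.x case fall through to the policy, and `same_verdicts(RULES, TRIMMED)` to confirm the ACCEPT rules are redundant under an ACCEPT policy.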