General Question

prince's avatar

What's the easiest way to restrict access to a specific port on Ubuntu?

Asked by prince (322points) June 10th, 2008

I’m looking for a command-line tool to restrict a port to a list of IP’s, all within the same domain. This needs to be really easy to modify the list of IP’s—and if it’s based on the domain, it has to be very fast. iptables?

Observing members: 0 Composing members: 0

3 Answers

mindstorms's avatar

i have heard iptables is the way to go…. i’ll see if i can’t find some resources….

looks to be a pretty long resource, if you need more help, let me know….

xyzzy's avatar

Iptables is exactly what you want:

something like this:

# allow access to that port only from specific IP addresses
sudo iptables -A INPUT -p tcp—dport YOUR_PORT_NUMBER -d IPADDRESS1 -j ACCEPT
sudo iptables -A INPUT -p tcp—dport YOUR_PORT_NUMBER -d IPADDRESS2 -j ACCEPT


# by default for everyone else, block all access to that port
sudo iptables -A INPUT -p tcp—dport YOUR_PORT_NUMBER -j REJECT

note if the IP address are contiguous, you can specify a mask along with the ipaddress. For example, will match –

be sure to read the section on “Configuration on startup” in the above link, as iptables does not load automatically on startup or reboot.

Vincentt's avatar

Ubuntu 8.04 has a new application called “uwf” (uncomplicated firewall) which is supposed to be a lot easier to setup. I haven’t tried it myself though (I prefer using graphical applications but even then I have no idea what to do in Firestarter).

Answer this question




to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
Knowledge Networking @ Fluther