I have been doing some housekeeping on my VPS and decided there are a few ports that should only be reachable from certain IP addresses, for security reasons.
My VPS runs Linux, so I had to find a way to change my iptables rules so that the specific ports are blocked for every IP address except the ones I specify.
It's pretty straightforward. Here is how you can block a specific port to everyone except a few IP addresses (the instructions are for CentOS 5.5, but should work on other distros that keep their rules in an iptables-save style file):
Open the iptables rules file:
sudo nano /etc/sysconfig/iptables
Above your general ACCEPT rules, include the exceptions. iptables stops at the first rule that matches, so these lines must come before any rule that would accept (or reject) port 5000 for everyone:
#IPs accepted to access port 5000
-A INPUT -p tcp -s 127.0.0.1 --dport 5000 -j ACCEPT
-A INPUT -p tcp -s 220.127.116.11 --dport 5000 -j ACCEPT
-A INPUT -p tcp -s 18.104.22.168 --dport 5000 -j ACCEPT
The exceptions only achieve something if every other source is refused afterwards. The stock CentOS rules end with a REJECT that covers anything not explicitly accepted; if your file does not, add an explicit rule for the port after the exceptions:
-A INPUT -p tcp --dport 5000 -j REJECT --reject-with icmp-host-prohibited
On the lines above, I create one exception per IP, because all of the IPs that need to reach port 5000 are different and come from different networks. I could use a range of IPs as well, with the iprange match:
-A INPUT -p tcp -m iprange --src-range 22.214.171.124-126.96.36.199 --dport 5000 -j ACCEPT
This single rule accepts every source address from the first address of the range up to and including the last one. (Note the spelling: the module is selected with -m iprange, the range with --src-range, and the port with --dport; a single-dash -dport or -src-range is not accepted by iptables.)
After making all my changes, I simply restart iptables:
service iptables restart
Check the output of the restart. If a line in the file is malformed, iptables-restore refuses the whole file, and because the stop step has already flushed the old rules the host can be left with no firewall at all. Then confirm the rules were loaded in the intended order, with the exceptions listed before the rule that closes the port:
iptables -nvL INPUT --line-numbers
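To tie the steps above together, here is a small POSIX shell helper, added as an example and not part of the original post: it generates the port-restriction rules in the file's iptables-save format (one ACCEPT per address, one per range, then the REJECT that closes the port to everyone else) and checks an existing rule set for the ordering mistake that makes the exceptions useless. The function names gen_port_rules and check_port_closed are my own; the addresses reuse the ones shown in the post and the 10.0.0.1 used for the negative check is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Generates the rules described
# above and verifies their ordering. Function names are assumptions of this
# example; the IP addresses below are the constructed ones used in the post.

# gen_port_rules PORT "ip ip ..." ["start-end start-end ..."]
# Prints iptables-save style lines: an ACCEPT for each single source address,
# an ACCEPT for each range via the iprange match, and finally a REJECT for the
# port. iptables uses first match, so the REJECT must come last.
gen_port_rules() {
    port=$1
    singles=$2
    ranges=${3:-}
    echo "#IPs accepted to access port $port"
    for ip in $singles; do
        echo "-A INPUT -p tcp -s $ip --dport $port -j ACCEPT"
    done
    for r in $ranges; do
        echo "-A INPUT -p tcp -m iprange --src-range $r --dport $port -j ACCEPT"
    done
    # Everyone else is refused. Without this line the exceptions change nothing
    # when a later rule, or the chain policy, already accepts the port.
    echo "-A INPUT -p tcp --dport $port -j REJECT --reject-with icmp-host-prohibited"
}

# check_port_closed PORT  (rules on stdin)
# Succeeds (exit 0) only when the rule set contains a REJECT or DROP for the
# port and no ACCEPT for that port appears after it (such an ACCEPT would be
# unreachable). Run it over /etc/sysconfig/iptables before restarting.
check_port_closed() {
    port=$1
    awk -v p="$port" '
        $0 ~ ("--dport " p "( |$)") && / -j ACCEPT/        { if (closed) bad = 1 }
        $0 ~ ("--dport " p "( |$)") && / -j (REJECT|DROP)/ { closed = 1 }
        END { exit ((closed && !bad) ? 0 : 1) }'
}

# Usage: generate the rules for port 5000 and sanity-check them.
rules=$(gen_port_rules 5000 "127.0.0.1 220.127.116.11 18.104.22.168" \
                            "22.214.171.124-126.96.36.199")
echo "$rules"
if echo "$rules" | check_port_closed 5000; then
    echo "ok: port 5000 is closed to everyone except the listed sources"
else
    echo "error: port 5000 is not closed after the exceptions" >&2
fi
```

Paste the generated lines into /etc/sysconfig/iptables above the general rules, then run check_port_closed 5000 < /etc/sysconfig/iptables before the restart; a non-zero exit means either the closing rule is missing or one of the exceptions sits below it and will never match.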