How to set iptables to allow communication from a specific IP address only on a specific port
Although it may not be used much these days, this page summarizes how to configure the slightly older Linux firewall software "iptables" so that communication from a specific IP address is allowed only on a specific port number. As an example, the procedure below opens the "https protocol" (port 443) with iptables on CentOS 6.
Procedure to add a setting to allow communication from a specific IP address only on port 443 (https) on CentOS 6
1. Check the current iptables settings. (Confirm that the setting to be added is not already present.)
# iptables -L
2. Add settings to iptables.
# iptables -A INPUT -p tcp -s Specific IP address to allow --dport 443 -j ACCEPT
Example: If "Specific IP address to allow" is "192.168.2.10", execute the following command.
# iptables -A INPUT -p tcp -s 192.168.2.10 --dport 443 -j ACCEPT
3. Save the iptables settings.
# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
4. Restart the iptables service for the settings to take effect.
# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
5. Confirm that the iptables settings have been changed.
# iptables -L
For reference, the procedure for deleting the setting added to iptables is also described below.
Procedure to remove the setting that allows communication from a specific IP address only on port 443 (https) on CentOS 6
1. Check the current iptables settings. (Confirm that the setting to be deleted is present.)
# iptables -L
2. Delete the setting from iptables.
# iptables -D INPUT -p tcp -s Specific IP address to allow --dport 443 -j ACCEPT
Example: If "Specific IP address to allow" is "192.168.2.10", execute the following command.
# iptables -D INPUT -p tcp -s 192.168.2.10 --dport 443 -j ACCEPT
* Note that the setting was added with "iptables -A", but it is deleted with "iptables -D".
3. Save the iptables settings.
# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
4. Restart the iptables service for the settings to take effect.
# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
5. Confirm that the iptables settings have been changed.
# iptables -L
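As an added example (not code from the original post), the following POSIX sh script wraps the add and delete procedures above so they can be rerun safely: it validates the address and port, checks whether the rule is already present before adding or deleting it, and inserts with -I instead of -A so the rule sits above any catch-all REJECT rule at the end of the INPUT chain. The script name fw_rule.sh, the function names and the IPTABLES/INIT_SCRIPT overrides are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent wrappers around the
# add/delete commands above. Assumes CentOS 6 paths; IPTABLES can be overridden.
IPTABLES="${IPTABLES:-iptables}"
INIT_SCRIPT="${INIT_SCRIPT:-/etc/init.d/iptables}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
validate_ipv4() {
  case "$1" in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
  set -- $(printf '%s' "$1" | tr . ' ')
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Accept only a numeric TCP port in 1..65535.
validate_port() { case "$1" in *[!0-9]*|'') return 1 ;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# True if a listing from "iptables -S INPUT" (read on stdin) already contains
# the allow rule for this source and port. CentOS 6 ships iptables 1.4.7, which
# predates -C/--check, so the rule is matched textually instead.
rule_listed() {
  grep -q -- "^-A INPUT -s $1/32 .*--dport $2 -j ACCEPT$"
}

# Add the rule once. -I inserts at the top of INPUT; the post's -A appends, which
# lands after the stock CentOS 6 catch-all REJECT rule and would never match.
allow_from() {
  validate_ipv4 "$1" && validate_port "$2" || { echo "bad address/port: $1 $2" >&2; return 2; }
  if "$IPTABLES" -S INPUT | rule_listed "$1" "$2"; then
    echo "rule already present, nothing to do"; return 0
  fi
  "$IPTABLES" -I INPUT -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# Delete the rule only if it is present (-D on a missing rule fails).
revoke_from() {
  validate_ipv4 "$1" && validate_port "$2" || { echo "bad address/port: $1 $2" >&2; return 2; }
  "$IPTABLES" -S INPUT | rule_listed "$1" "$2" || { echo "rule not present"; return 0; }
  "$IPTABLES" -D INPUT -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# Usage (as root): sh fw_rule.sh allow|revoke <address> <port>
# The change is live immediately; "save" makes it survive a restart or reboot.
if [ "$#" -eq 3 ]; then
  case "$1" in
    allow)  allow_from "$2" "$3" && "$INIT_SCRIPT" save ;;
    revoke) revoke_from "$2" "$3" && "$INIT_SCRIPT" save ;;
    *) echo "usage: $0 allow|revoke <address> <port>" >&2; exit 64 ;;
  esac
fi
```

After running it, "iptables -L INPUT -n --line-numbers" shows where the ACCEPT rule sits relative to the chain's REJECT rule, which is the check that the rule can actually match.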