Open port from specific source ip using ufw, iptables and firewalld

-

This is very common requirement for every linux admin while dealing with a service secuirty, Where we need to open certain port from specific source ip only.

Below is example using ufw ubuntu firewall, redhat firewalld and with generic iptables rule.

In below example i am trying to open port 9090 for only 192.168.1.2. If i wish to open it for entire subnet, i can simply provide 192.168.1.0/24  instead 192.168.1.2.


- firewalld

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port protocol="tcp" port="9090" accept'








- ufw


$ sudo ufw allow from 192.168.1.2  to any port 9090



- iptables

$ iptables -I INPUT -p tcp -s 192.168.1.2 --dport 9090 -j ACCEPT




Comments

Post a Comment

Popular posts from this blog

Running web ssh client on port 443 /80 with nginx as reverse proxy

-
Package used         : shellinabox , nginx Repository used        : epel-release Linux distro used    : Centos 7.6 nginx reverse proxy server ip : 192.168.1.65 shellinabox web ssh server ip : 192.168.1.111 login to web ssh server first install epel-repo # yum install epel-release -y install shellinabox package # yum -y install shellinabox start and enable shellinaboxd service # systemctl enable shellinaboxd && systemctl start shellinaboxd By default shellinaboxd service starts with ssl port 4200 for us to run this in a reverse proxy environment need to make this as insecure hence the encryption will be done by nginx to end user. edit file /etc/sysconfig/shellinabox  like bellow- USER=shellinabox GROUP=shellinabox CERTDIR=/var/lib/shellinabox PORT=4200 OPTS="--disable-ssl-menu -s /:LOGIN" OPTS="-t -s /:SSH:192.168.1.111" save file exit and restart service # systemctl restart shellinaboxd Now open firewall for listening port 4200 from nginx proxy server only #
Read more

Running cockpit behind nginx reverse proxy with nginx ssl and cockpit non ssl

-
Domain for web access to cockpit : cockpit.mylab.local cockpit server ip : 192.168.1.61 nginx server ip   : 192.168.1.65 Linux distro using is Centos 7.6 Login to cockpit server Create a file [root@repo ~]# vim /etc/cockpit/cockpit.conf content will be like [WebService] Origins = https://cockpit.mylab.local wss://cockpit.mylab.local ProtocolHeader = X-Forwarded-Proto AllowUnencrypted = true save and restart cockpit # systemctl restart cockpit now  login to your nginx webserver and install nginx # yum install nginx -y create a new file vim /etc/nginx/conf.d/cockpit.conf paste content as bellow server {     listen         80;     listen         443 ssl http2;     server_name    cockpit.mylab.local;     ssl_certificate /etc/ssl/certs/cockpit-selfsigned.crt;     ssl_certificate_key  /etc/ssl/private/cockpit-selfsigned.key;     location / {         proxy_pass http://192.168.1.61:9090;         proxy_set_header Host $host;         proxy_http_version 1.1;
Read more

Setup VOD streaming server with nginx using RTMP on Ubuntu 18.04

-
Install required packages for source code nginx build # apt-get install -y build-essential ca-certificates wget curl libpcre3 libpcre3-dev autoconf unzip automake libtool tar git libssl-dev zlib1g-dev uuid-dev lsb-release vim htop sysstat ufw fail2ban makepasswd libgd-dev libgeoip-dev -y create a directory # mkdir /usr/local/src/nginx/ # cd /usr/local/src/nginx/ download and extract nginx tar # wget -qO- http://nginx.org/download/nginx-1.14.2.tar.gz | tar zxf - clone nginx rtmp module # git clone https://github.com/arut/nginx-rtmp-module Download other modules - PCRE version 8.42 # wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz && tar xzvf pcre-8.42.tar.gz - zlib version 1.2.11 # wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz - OpenSSL version 1.1.0h # wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz && tar xzvf openssl-1.1.0h.tar.gz # cd nginx-1.14.2/ configure  nginx with modules and options # ./configure --add-modu
Read more