Aug 11, 2011
tom

Allow iptables to allow ip range only on specifc port

Question

In this question I see a line like this that will allow me to say “allow these ip addresses to connect”

iptables -A INPUT -m iprange --src-range 10.50.10.20-80 -j ACCEPT

Now, I want to further secure this so that this rule only applies to specific ports. I’ve been using a command like this for my regular ports:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Can I combine these two to make a specific port allowed only for a range, like this

iptables -A INPUT -m iprange --src-range 10.50.10.20-80 --dport 12345 -j ACCEPT

Obviously I’m hesitant to just make iptables calls willy-nilly. :) Thanks!

Answer

The last line you have in there should work, you just need to make sure you have a
-p protocol in there, as –dport doesn’t work as a option on its own.

iptables -A INPUT -m iprange --src-range 10.50.10.20-80 -p tcp --dport 12345 -j ACCEPT

Related posts:

  1. Multiple web-services all running on port 80 with IPTABLES
  2. Problem with sendmail combined with iptables
  3. IPtables block port 8080 but not for localhost
  4. iptables -p all –dport
  5. Help on configuring iptables for openvpn

Leave a comment