
Thread: Iptables allow certain IPs & block everyone else

  1. #1

    Default Iptables allow certain IPs & block everyone else

    I would like to allow certain IPs to access my server (any port, any service and any protocol) and deny everyone else. How do I do this via Yast?

    Thanks.

  2. #2

    Default Re: Iptables allow certain IPs & block everyone else

    This might be useful:

    In the firewall script there is this information:
    ## Type: string
    #
    # 10.)
    # Which services should be accessible from 'trusted' hosts or nets?
    #
    # Define trusted hosts or networks (doesn't matter whether they are internal or
    # external) and the services (tcp,udp,icmp) they are allowed to use. This can
    # be used instead of FW_SERVICES_* for further access restriction. Please note
    # that this is no replacement for authentication since IP addresses can be
    # spoofed. Also note that trusted hosts/nets are not allowed to ping the
    # firewall until you also permit icmp.
    #
    # Format: space separated list of network[,protocol[,port]]
    # in case of icmp, port means the icmp type
    #
    # Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
    #
    FW_TRUSTED_NETS=""
    So it seems to me that you could allow IP addresses like so:
    FW_TRUSTED_NETS="192.168.1.0/24 10.0.0.99" would allow all of the 192.168.1.x series plus the individual IP 10.0.0.99.

    You can set that in Yast --> System --> /etc/sysconfig editor --> network --> firewall --> susefirewall2 --> FW_TRUSTED_NETS

    Try it out. Might help your problem.
    Leap 42.3 & 15.1 (Beta) & KDE
    FYIs from the days of yore
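    The FW_TRUSTED_NETS format quoted above (network[,protocol[,port]], with "port" meaning the ICMP type for icmp) can be checked with a dry-run generator. The script below is an added example, not SuSEfirewall2's own code: it prints the iptables INPUT rules that each entry corresponds to under an assumed default-deny policy (loopback and established traffic allowed), so the resulting allow-list can be reviewed before anything is applied. The exact rules SuSEfirewall2 generates differ; the sample value is the one from the script's own comment.

```shell
#!/bin/sh
# Added example (not part of SuSEfirewall2): dry-run translation of a
# FW_TRUSTED_NETS value into equivalent iptables INPUT rules.
# Entries: network[,protocol[,port]]; for icmp the "port" is the ICMP type.
# Assumptions: default policy DROP, loopback and ESTABLISHED/RELATED allowed.
# Rules are printed, never executed. Note the script's own caveat: trusting
# by IP address is not authentication, since addresses can be spoofed.

trusted_nets_to_rules() {
    # $1: the FW_TRUSTED_NETS string, e.g. "192.168.1.0/24 10.0.0.99,tcp,22"
    printf '%s\n' "iptables -P INPUT DROP"
    printf '%s\n' "iptables -A INPUT -i lo -j ACCEPT"
    printf '%s\n' "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $1; do
        # Split the entry on commas; absent fields stay empty.
        net=${entry%%,*}
        rest=${entry#"$net"}; rest=${rest#,}
        proto=${rest%%,*}
        port=${rest#"$proto"}; port=${port#,}
        rule="iptables -A INPUT -s $net"
        if [ -n "$proto" ]; then
            rule="$rule -p $proto"
            if [ -n "$port" ]; then
                case $proto in
                    icmp)    rule="$rule --icmp-type $port" ;;  # port = ICMP type
                    tcp|udp) rule="$rule --dport $port" ;;
                esac
            fi
        fi
        printf '%s\n' "$rule -j ACCEPT"
    done
}

# Sample value taken from the FW_TRUSTED_NETS comment in the firewall script.
trusted_nets_to_rules "192.168.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
```

An entry with no protocol (the first two above) yields a rule that accepts every port and protocol from that host or net, which is what the original question asked for.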

  3. #3

    Default Re: Iptables allow certain IPs & block everyone else

    The "catch all" rule is "deny". That means, if you enable the firewall, all except the defined ones will be "deny".

    Then, you go to the "custom rules" setting and add the IP addresses you want to allow (one entry for TCP and one entry for UDP). I think you can leave the port range blank. (If it is not allowing, give the full range 1:65536).
    openSUSE 12.3 (x86_64) with Kernel 3.7.10-1.16-desktop and KDE 4.11.2 on MacBook Pro
    Latest MS Windows version used: Win95

  4. #4

    Default Re: Iptables allow certain IPs & block everyone else

    @swerdna
    Your option is better. I don't generally use the Yast firewall and just use iptables directly. The Yast firewall seems to generate a lot of rules, maybe because it is written to be very generic.

  5. #5

    Default Re: Iptables allow certain IPs & block everyone else

    Quote Originally Posted by swerdna
    This might be useful:

    In the firewall script there is this information:

    So it seems to me that you could allow IP addresses like so:
    FW_TRUSTED_NETS="192.168.1.0/24 10.0.0.99" would allow all of the 192.168.1.x series plus the individual IP 10.0.0.99.

    You can set that in Yast --> System --> /etc/sysconfig editor --> network --> firewall --> susefirewall2 --> FW_TRUSTED_NETS

    Try it out. Might help your problem.
    Thanks. This solved the problem.
