I want to allow all connections from a specific IP address but I'm failing.
OS: Ubuntu Server 16.04. (incoming and outgoing server)
I have executed these commands:
iptables -I INPUT -p tcp -s 192.168.0.45 -j ACCEPT
iptables -I OUTPUT -p tcp -d 192.168.0.45 -j ACCEPT
service netfilter-persistent save
/etc/init.d/netfilter-persistent restart
But it is not working.
This is what my rules.v4 looks like:
# Generated by iptables-save v1.6.0 on Thu Jun 22 08:48:43 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.45/32 -p tcp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8025 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 17000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 192.168.0.45/32 -p tcp -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Thu Jun 22 08:48:43 2017
I'm receiving all connections only if I flush all with iptables -F
How to properly allow all connections from specific IP address?
Best Answer
"All connections" means don't match tcp on your specific IP allow rule!
Just remove
-p tcp
and you'll have ping (ICMP) and all the other IP protocol stuff allowed. Also please note that the OUTPUT rule here is not useful. With the first rule you allow tcp to 192.168.0.45, with the second one you allow anything to anybody. So the first one has no effect!
In order to get what you want, edit the input rule:
And remove the OUTPUT rule you made for 192.168.0.45.
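The following is an added example, not code from the question or the answer. It applies the answer's fix to an iptables-save dump as plain text (it never calls iptables, so it runs anywhere): it drops `-p tcp` from the per-host INPUT allow, deletes the redundant per-host OUTPUT rule, and reports whether the resulting allow is generic and sits above the chain's final REJECT (a rule appended with `-A` after the REJECT would never be reached). SAMPLE_RULES is a constructed subset of the question's rules.v4; the function names `re_host`, `fix_host_allow` and `check_host_allow` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Edits an iptables-save dump
# as text to show the fix described in the answer. SAMPLE_RULES is
# constructed from the question's rules.v4; function names are our own.

SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.45/32 -p tcp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 192.168.0.45/32 -p tcp -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
EOF
)

# re_host ADDR: escape the dots of an address for use in a basic regex
re_host() {
    printf '%s' "$1" | sed 's/[.]/\\./g'
}

# fix_host_allow ADDR: read a dump on stdin, write the corrected dump on stdout.
# 1) "-A INPUT -s ADDR -p tcp -j ACCEPT" becomes "-A INPUT -s ADDR -j ACCEPT"
#    (no -p, so every IP protocol from ADDR is accepted, ICMP included)
# 2) the per-host OUTPUT rule is removed; "-A OUTPUT -j ACCEPT" covers it
fix_host_allow() {
    esc=$(re_host "$1")
    sed -e "s#^-A INPUT -s ${esc} -p tcp -j ACCEPT\$#-A INPUT -s $1 -j ACCEPT#" \
        -e "\\#^-A OUTPUT -d ${esc} -p tcp -j ACCEPT\$#d"
}

# check_host_allow ADDR: read a dump on stdin and print one verdict:
#   ok        generic allow for ADDR exists and precedes the final INPUT REJECT
#   shadowed  generic allow exists but comes after the REJECT (never reached)
#   tcp-only  only a "-p tcp" allow exists (the situation in the question)
#   missing   no allow for ADDR in INPUT at all
check_host_allow() {
    esc=$(re_host "$1")
    dump=$(cat)
    allow_all=$(printf '%s\n' "$dump" | grep -n -- "^-A INPUT -s ${esc} -j ACCEPT\$" | head -n1 | cut -d: -f1)
    allow_tcp=$(printf '%s\n' "$dump" | grep -n -- "^-A INPUT -s ${esc} -p tcp -j ACCEPT\$" | head -n1 | cut -d: -f1)
    reject=$(printf '%s\n' "$dump" | grep -n -- '^-A INPUT -j REJECT' | head -n1 | cut -d: -f1)
    if [ -n "$allow_all" ]; then
        if [ -z "$reject" ] || [ "$allow_all" -lt "$reject" ]; then echo ok; else echo shadowed; fi
    elif [ -n "$allow_tcp" ]; then
        echo tcp-only
    else
        echo missing
    fi
}

# stand-alone demo: verdict before and after applying the fix to the sample
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | check_host_allow 192.168.0.45/32)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | fix_host_allow 192.168.0.45/32 | check_host_allow 192.168.0.45/32)"
```

On the live host the same change is `iptables -D INPUT -s 192.168.0.45 -p tcp -j ACCEPT` followed by `iptables -I INPUT -s 192.168.0.45 -j ACCEPT` (`-I` inserts at the top, so the rule lands above the final REJECT), and `iptables -C INPUT -s 192.168.0.45 -j ACCEPT` confirms the rule is present before you save with netfilter-persistent.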