Firewall source address filtering

Source address filtering

You can restrict access to a particular service to a limited set of source networks or IP addresses. Keep in mind that this is a coarse network control, not authentication: it narrows who can reach the port, it does not tell you who is at the other end.

Single port filter

# Only allow company's offices to access our Tomcat
$IPTABLES -A INPUT -p tcp --dport 8088 -s -j ACCEPT           # Sweden LAN
$IPTABLES -A INPUT -p tcp --dport 8088 -s -j ACCEPT           # FR remote
$IPTABLES -A INPUT -p tcp --dport 8088 -s -j ACCEPT          # FR remote
$IPTABLES -A INPUT -p tcp --dport 8088 -s -j ACCEPT         # DK remote
$IPTABLES -A INPUT -p tcp --dport 8088 -s -j DROP             # DROP all the rest !

Don't forget to drop everyone else at the end! iptables evaluates a chain top to bottom and stops at the first match, and the default policy of INPUT is often ACCEPT, so without that final DROP the ACCEPT rules above restrict nothing. Note also that iptables only handles IPv4: on a dual-stack host the same restrictions must be repeated with ip6tables, or the service stays reachable over IPv6.

Multiple ports filter: using a for loop

This is a more advanced version: a for loop generates the set of rules for each allowed source IP, so adding a new office means adding one array entry rather than one rule per port. The DROP rules still come last, after the loop.

ALLOWED_REMOTE_IPS=(
                # French office
                # Sweden
                # Sweden
                # French RTD preprod [VPN]
)

# enable access to services (HTTP)
for ipList in "${ALLOWED_REMOTE_IPS[@]}"; do
    $IPTABLES -A INPUT -p tcp --dport 80 -s "$ipList" -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 443 -s "$ipList" -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 8080 -s "$ipList" -j ACCEPT
done
# disable for everyone else (must be appended after the loop)
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 80 -j DROP
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 443 -j DROP
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 8080 -j DROP
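As an added example (not the script from the original page), here is the same allow-list idea written as a small generator that can be previewed before it touches the firewall. The source networks are RFC 5737 documentation ranges, constructed for illustration, and the plain space-separated lists stand in for the bash array above so the script runs under any POSIX shell. The helper names (build_rules, count_rules, check_order) are mine, not iptables conventions.

```shell
#!/bin/sh
# Added example, not the script from the original page: build the allow-list
# rules for several services in one pass, then append the catch-all DROPs.
# The source networks are RFC 5737 documentation ranges (constructed for
# illustration, not real offices). The first argument of build_rules is the
# command to run: "echo iptables" previews the rules, "iptables" applies
# them (as root).

# Allowed sources: office LAN, office LAN, single VPN host (all constructed).
ALLOWED_REMOTE_IPS="192.0.2.0/24 198.51.100.0/24 203.0.113.7"
# TCP services to restrict.
PORTS="80 443 8080"

# Emit one ACCEPT per (source, port), then one DROP per port. The order is
# the whole point: iptables stops at the first matching rule, so every
# ACCEPT must be appended before the DROP that catches everyone else.
build_rules() {
    ipt=$1
    for ip in $ALLOWED_REMOTE_IPS; do
        for port in $PORTS; do
            $ipt -A INPUT -p tcp --dport "$port" -s "$ip" -j ACCEPT
        done
    done
    for port in $PORTS; do
        $ipt -A INPUT -p tcp --dport "$port" -j DROP    # everyone else
    done
}

# Number of rules a run would add, for a sanity check before applying.
count_rules() {
    build_rules "echo iptables" | wc -l | tr -d ' '
}

# Check the generated list: for this generator all ACCEPTs precede all
# DROPs, so an ACCEPT after the first DROP means the list was re-ordered and
# that ACCEPT is dead. Returns 0 when the ordering is right.
check_order() {
    build_rules "echo iptables" | awk '
        /-j ACCEPT/ { if (drop_seen) bad = 1 }
        /-j DROP/   { drop_seen = 1 }
        END         { exit bad + 0 }'
}

# Dry run: print the rules instead of applying them.
build_rules "echo iptables"
```

Run it as-is to see the twelve rules it would add; replace the last line with `build_rules iptables` to apply them. If the INPUT chain's default policy is already DROP the per-port DROPs are redundant but harmless; with the common ACCEPT policy they are what makes the allow-list mean anything.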

Block an IP address or network

Block IP

To block a specific IP address:


Block network

To block a network:
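As an added example (not from the original page), a helper that blocks either a single host or a whole network. It inserts the rule at the top of INPUT with `-I INPUT 1` rather than appending it, because iptables stops at the first match: a DROP appended after an earlier ACCEPT for that source would never be reached. The address is validated first so a typo cannot silently produce a rule that blocks the wrong thing. The addresses used below are RFC 5737 documentation ranges and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original page: block one IPv4 host or network.
# The rule goes at position 1 of INPUT (-I, not -A) so it wins over any
# ACCEPT already in the chain. Pass "echo iptables" as the command to preview.

# Accept an IPv4 address with an optional /prefix and nothing else.
# Returns 1 on any malformed input. Uses only POSIX shell features.
valid_ipv4_or_cidr() {
    addr=$1
    case $addr in
        */*) ip=${addr%%/*}; prefix=${addr#*/} ;;
        *)   ip=$addr;       prefix=32 ;;          # no "/": single host
    esac
    case $prefix in
        ''|*[!0-9]*) return 1 ;;                   # prefix must be numeric
    esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip                                     # split on the dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1                       # exactly four octets
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 = iptables command ("echo iptables" for a dry run), $2 = host or network.
block_source() {
    ipt=$1; target=$2
    valid_ipv4_or_cidr "$target" || {
        echo "refusing to block '$target': not an IPv4 host or network" >&2
        return 1
    }
    $ipt -I INPUT 1 -s "$target" -j DROP
}

# Dry run on constructed addresses: one host, then one /24 network.
block_source "echo iptables" 203.0.113.5
block_source "echo iptables" 203.0.113.0/24
```

Note that inserting at position 1 also puts the DROP ahead of any ESTABLISHED/RELATED rule, so existing connections from that source are cut too, which is normally what you want from a block. For IPv6 sources the same rule must be issued with ip6tables, and the validation here would need an IPv6 parser; it deliberately rejects anything that is not dotted-quad IPv4.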