Thread: Allow services only through specific IPs

  1. #1
    Join Date
    Aug 2013

    Allow services only through specific IPs


    I have a server with 2 Ethernet ports that are enabled with different IP addresses. I need to block SSH services on one, but allow from the other side. I also have another service on one side that needs to only run through the one Ethernet port. Would I have to do this in network configs or through UFW?


  2. #2
    Join Date
    Jul 2013

    Re: Allow services only through specific IPs


    I think you can do that with ufw/iptables.

  3. #3
    prodigy_
    Join Date
    Mar 2008

    Re: Allow services only through specific IPs

    You can specify SSH settings in the /etc/ssh/sshd_config file, including which interfaces/addresses it should bind itself to.

  4. #4
    Join Date
    Nov 2008
    Metro Boston
    Kubuntu 14.04 Trusty Tahr

    Re: Allow services only through specific IPs

    If one of the interfaces connects to the public Internet, it should have a firewall with an INPUT DROP policy to block all incoming connections. Then you can add individual rules to open specific ports.

    /sbin/iptables -P INPUT DROP
    /sbin/iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

    The first rule blocks everything by default. The second rule allows SSH connections that arrive on eth1. You might also want to consider whether to block forwarding by default (if you permit forwarding in /etc/sysctl.conf) and only allow packets to be forwarded in specific circumstances. See "man iptables" for details.
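The per-interface rules from post #4, generalized into a full filter table in iptables-restore format so the DROP policy and the ACCEPT rules load in one step; this is an added example, not part of the original thread. The `gen_ruleset` helper, the loopback and established-connection rules, the FORWARD DROP default, and the second service (tcp/8080 on eth0) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that opens each service
# on one interface only. gen_ruleset is a hypothetical helper; the second
# service (tcp/8080 on eth0) is a constructed sample value.

# Usage: gen_ruleset "iface:proto:port" ...
# Prints a complete *filter table; returns 1 on a malformed entry.
gen_ruleset() {
    rules=""
    for entry in "$@"; do
        iface=${entry%%:*}
        rest=${entry#*:}
        proto=${rest%%:*}
        port=${rest#*:}
        case "$iface" in
            ""|*[!A-Za-z0-9._-]*) echo "bad interface: $entry" >&2; return 1 ;;
        esac
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        case "$port" in
            ""|*[!0-9]*|??????*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $entry" >&2; return 1
        fi
        rules="${rules}-A INPUT -i ${iface} -p ${proto} --dport ${port} -j ACCEPT
"
    done
    # Default-deny INPUT and FORWARD; keep loopback and reply traffic working.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# SSH only via eth1 (as in the post); a second service only via eth0.
# To apply (as root; replaces the current filter table): pipe to iptables-restore
gen_ruleset eth1:tcp:22 eth0:tcp:8080
```

Loading the table with iptables-restore avoids the window where the DROP policy is active but the SSH rule has not yet been added, which matters when the commands are typed over an SSH session.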
