I am trying to block all traffic to a webserver except from some defined subnets. I've checked numerous posts and believed I had iptables set correctly, but for some reason the site is still accessible outside the subnets I've defined in the ruleset. Is anyone able to shed some light on what I may have done wrong? I've established that removing rule 3 stops the site from being reachable at all. The site itself sits in 10.10.0.0/16.
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- any any 10.10.0.0/16 anywhere
2 0 0 ACCEPT all -- any any 172.30.0.0/16 anywhere
3 0 0 ACCEPT all -- lo any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- any lo anywhere anywhere
The goal will be to add various whitelisted public IPs and lock down the site so that it is only accessible to some.
Rules were added as follows:
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT
iptables -I INPUT -s 10.10.0.0/16 -j ACCEPT
iptables -I INPUT -s 172.30.0.0/16 -j ACCEPT
iptables -P INPUT DROP
Asked by Jim
(1 rep)
Mar 20, 2020, 07:48 PM
Last activity: Jul 10, 2025, 07:08 AM
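As an added illustration (not part of the question above), the following Python snippet walks a few constructed packets through the INPUT chain exactly as it is listed in the post: first match wins, and the chain policy decides when nothing matches. It models only the three listed rules (no conntrack state, no other tables or chains), so it shows what that ruleset alone predicts; the sample addresses and interface names are assumptions.

```python
import ipaddress

# The INPUT chain as listed in the question: first match wins,
# and the chain's default policy applies when nothing matches.
INPUT_POLICY = "DROP"
INPUT_RULES = [
    # (required input interface or None, source network or None, target)
    (None, "10.10.0.0/16", "ACCEPT"),   # rule 1
    (None, "172.30.0.0/16", "ACCEPT"),  # rule 2
    ("lo", None, "ACCEPT"),             # rule 3: any source, but only on lo
]


def evaluate_input(src_ip, in_iface, rules=INPUT_RULES, policy=INPUT_POLICY):
    """Return (verdict, rule_number) for a packet entering the INPUT chain.

    rule_number is 0 when no rule matched and the chain policy decided.
    """
    addr = ipaddress.ip_address(src_ip)
    for num, (iface, net, target) in enumerate(rules, start=1):
        if iface is not None and iface != in_iface:
            continue
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        return target, num
    return policy, 0


# Constructed sample packets (assumed addresses, not taken from the post).
SAMPLES = [
    ("10.10.3.7", "eth0"),    # inside the site's own /16
    ("172.30.9.1", "eth0"),   # second whitelisted subnet
    ("127.0.0.1", "lo"),      # loopback traffic, matched by rule 3
    ("203.0.113.5", "eth0"),  # public address outside every whitelist
]


def main():
    for src, iface in SAMPLES:
        verdict, num = evaluate_input(src, iface)
        where = f"rule {num}" if num else "chain policy"
        print(f"{src:>13} via {iface:<4} -> {verdict} ({where})")


if __name__ == "__main__":
    main()
```

By these rules alone, the public source lands on the DROP policy, so a live host that still answers such a client is being reached through something these three rules do not cover.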