[lug] quick iptables rule question

Jeff Schroeder jeff at neobox.net
Wed Nov 19 12:30:02 MST 2003


Ryan asked:

> I got it to fwd port 9090 -> 80, but is there a way to create the
> rule so that that port only accepts traffic from a certain external
> IP?
>
> iptables -A PREROUTING -t nat -p tcp -j DNAT --dport 9090 \
>   --to-destination xxx.xxx.xxx.xxx:80

Insert a -s (for "source") with the IP, thus:

-s 204.144.150.12

You can also use netmasks if you'd like to permit a certain IP range:

-s 204.144.150.0/24

Or even block a specific IP using the ! operator:

-s ! 150.55.10.2

HTH,
Jeff
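
The source match from the reply above, combined with the DNAT rule from the question, as an added example that is not part of the original thread. It validates the source spec and prints the full rule instead of applying it. The function names and the DEST address (a documentation-range placeholder, since the post elides the real one) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules; does not touch netfilter.
# DEST is a constructed placeholder: the real address is elided in the post.
DEST="192.0.2.10"

# valid_src SPEC: accept a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32).
valid_src() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Only digits and dots pass this point, so the unquoted split is safe.
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# dnat_rule ['!'] SPEC: print the 9090 -> 80 rule limited to source SPEC.
# A leading '!' inverts the match. Current iptables releases expect the '!'
# before -s; the "-s ! addr" placement is the older form of the same test.
dnat_rule() {
    neg=""
    if [ "$1" = "!" ]; then neg="! "; shift; fi
    valid_src "$1" || { printf 'bad source: %s\n' "$1" >&2; return 1; }
    printf '%s\n' "iptables -t nat -A PREROUTING -p tcp ${neg}-s $1 --dport 9090 -j DNAT --to-destination ${DEST}:80"
}

# The three variants from the reply: single host, /24 range, negated host.
dnat_rule 204.144.150.12
dnat_rule 204.144.150.0/24
dnat_rule '!' 150.55.10.2
```

Packets that do not match the source test are simply not translated by this rule; whether they can still reach port 9090 or port 80 by another path depends on the filter table rules.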



