[lug] quick iptables rule question
Jeff Schroeder
jeff at neobox.net
Wed Nov 19 12:30:02 MST 2003
Ryan asked:
> I got it to fwd port 9090 -> 80, but is there a way to create the
> rule so that that port only accepts traffic from a certain external
> IP?
>
> iptables -A PREROUTING -t nat -p tcp -j DNAT --dport 9090
> --to-destination xxx.xxx.xxx.xxx:80
Insert a -s (for "source") with the IP, thus:
-s 204.144.150.12
You can also use netmasks if you'd like to permit a certain IP range:
-s 204.144.150.0/24
Or even block a specific IP using the ! operator:
-s ! 150.55.10.2
HTH,
Jeff
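
Added example, not part of the original post: a dry-run helper that prints the complete DNAT rule for each of the three -s forms above. The function names and the destination 192.0.2.10:80 are placeholders assumed here, and the `!` is written before `-s`, which is the form current iptables releases expect.

```shell
#!/bin/sh
# Prints the rules instead of running them so they can be reviewed first;
# pipe the output to "sh" as root to apply.

# valid_src ADDR: succeed if ADDR is a dotted-quad IPv4 address, optionally /0-32.
valid_src() {
    addr=${1%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    case $bits in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # Digits and dots only (also keeps the unquoted split below glob-safe).
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# dnat_rule SRC DPORT DEST:PORT [not]
# With "not" as the 4th argument the source match is negated.
dnat_rule() {
    valid_src "$1" || { echo "bad source address: $1" >&2; return 1; }
    neg=
    if [ "${4:-}" = not ]; then neg='! '; fi
    echo "iptables -t nat -A PREROUTING -p tcp ${neg}-s $1 --dport $2 -j DNAT --to-destination $3"
}

# Source addresses are the ones used in the post; the destination is a placeholder.
dnat_rule 204.144.150.12   9090 192.0.2.10:80        # forward for one host only
dnat_rule 204.144.150.0/24 9090 192.0.2.10:80        # forward for a /24
dnat_rule 150.55.10.2      9090 192.0.2.10:80 not    # forward for all but one host
```

The -s match only decides which packets get translated. Traffic to port 9090 from any other source is left untranslated and is handled like ordinary traffic to that port on the firewall itself, so filter it separately if it should be dropped.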