Force Specific Client iptables

Posted: Mon Apr 03, 2023 1:15 pm
by daNutz
Hello and apologies if this has been covered elsewhere, but I couldn't find it.

I wish to enforce all clients connecting in to only be able to access the network on certain protocols/ports.

Here are the rules I wish to enforce:

iptables -A FORWARD -p udp -m multiport --dports 6073,2300:2400,47624 -s 10.21.60.0/24 -d 10.21.60.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -m multiport --dports 6073,2300:2400,47624 -s 10.21.60.0/24 -d 10.21.60.0/24 -j ACCEPT
iptables -A FORWARD -p udp -m multiport --sports 6073,2300:2400,47624 -s 10.21.60.0/24 -d 10.21.60.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -m multiport --sports 6073,2300:2400,47624 -s 10.21.60.0/24 -d 10.21.60.0/24 -j ACCEPT
iptables -A FORWARD -p icmp -s 10.21.60.0/24 -d 10.21.60.0/24 -j ACCEPT
iptables -A FORWARD -s 10.21.60.0/24 -d 10.21.60.0/24 -j DROP

How do I implement this?

I've seen this example firewall file but I have no idea where to place it.
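
As an added example (not part of the original post): a small Python model of first-match evaluation over the six FORWARD rules above, with the final rule read as `-s 10.21.60.0/24 -d 10.21.60.0/24 -j DROP`. It shows which packets the set accepts or drops; the `policy` parameter, the function names and the sample addresses are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

NET = ip_network("10.21.60.0/24")                     # -s and -d on every rule
PORTS = [(6073, 6073), (2300, 2400), (47624, 47624)]  # multiport list from the post

# (protocol or None for any, port field checked by multiport or None, target)
RULES = [
    ("udp", "dport", "ACCEPT"),
    ("tcp", "dport", "ACCEPT"),
    ("udp", "sport", "ACCEPT"),
    ("tcp", "sport", "ACCEPT"),
    ("icmp", None, "ACCEPT"),
    (None, None, "DROP"),
]


def in_ports(port):
    """True if the port falls in one of the listed ports or ranges."""
    return port is not None and any(lo <= port <= hi for lo, hi in PORTS)


def verdict(proto, src, dst, sport=None, dport=None, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy.

    policy is an assumption: it stands for the FORWARD chain's default
    policy, which the post does not state (iptables ships with ACCEPT).
    """
    if ip_address(src) not in NET or ip_address(dst) not in NET:
        return policy  # no rule matches traffic entering or leaving the subnet
    fields = {"sport": sport, "dport": dport}
    for rule_proto, field, target in RULES:
        if rule_proto is not None and rule_proto != proto:
            continue
        if field is not None and not in_ports(fields[field]):
            continue
        return target
    return policy


if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    print(verdict("udp", "10.21.60.5", "10.21.60.9", sport=50000, dport=2350))
    print(verdict("tcp", "10.21.60.5", "10.21.60.9", sport=40000, dport=22))
    print(verdict("tcp", "10.21.60.5", "10.21.60.9", sport=2300, dport=22))
    print(verdict("tcp", "10.21.60.5", "192.168.1.10", sport=40000, dport=22))
```

The third sample is accepted by the `--sports` rule even though its destination port is not in the list, and the fourth never matches any rule, so it is decided by the chain policy alone.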