How To Whitelist An IP Address In IPTables
Details
To whitelist an IP address in IPTables (Linux's firewall management tool), you need to add a rule that allows incoming traffic from the specified IP address while blocking all other incoming traffic. Here's a step-by-step guide on how to do this:
Note: You should have administrative privileges (root or sudo access) to modify the firewall rules.
- Open a Terminal: Access your Linux server or computer and open a terminal window.
- Check Existing Rules (Optional): You can check your existing IPTables rules to ensure that you don't already have a rule that conflicts with the one you're going to add. You can do this with the following command:
sudo iptables -L
This command will list the current rules. Make sure to look under the INPUT chain.
sudo iptables -A INPUT -s 192.168.0.1 -j ACCEPT
This command appends a rule to the INPUT chain that accepts traffic from the specified IP address (192.168.0.1).
- -A: Appends the rule to the end of the chain.
- -s: Specifies the source IP address you want to allow.
- -j ACCEPT: Indicates that traffic from the specified IP should be accepted.
iptables -A OUTPUT -d 192.168.0.1 -j ACCEPT
This command appends a rule to the INPUT chain that accepts traffic from the specified IP address (192.168.0.1).
- -A: Appends the rule to the end of the chain.
- -d: This option sets the destination IP address for the rule
- -j ACCEPT: Indicates that traffic from the specified IP should be accepted.
sudo iptables-save > /etc/iptables/rules.v4
On CentOS/RHEL, you can use:
sudo service iptables save
sudo iptables -L
You should see your new rule allowing traffic from the specified IP address.
sudo systemctl restart iptables
Now, traffic from the whitelisted IP address (192.168.0.1 in this example) will be allowed through your firewall, while all other incoming traffic will be blocked by default. Make sure to replace 192.168.0.1 with the actual IP address you want to whitelist.