Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Limit the number of ip addresses which can connect to a port



The iptables "-s" option is for specifying the source address.

If you want to limit access to a specific subnet:

> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.0/24 -j ACCEPT

If you want to limit access to a single address:

> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.51 -j ACCEPT

If you want to limit access to multiple non-contiguous addresses or subnets:

> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.51,10.2.3.0/24,8.8.8.8 -j ACCEPT





On Mon, Oct 30, 2017 at 6:08 PM, Tom Luo <mariolzx at gmail.com> wrote:

> Hi, All,
>
> I am running a service in Ubuntu on a port. I try to limit the number of ip
> addresses which can connect to the port. For example, if the limit is set
> to 1, only connect from one ip address is allowed.
> If there is a connection from another ip address, it will be declined.
>
> The only thing I can find so far is:
> iptables -I INPUT -p tcp --dport 8000 -m connlimit --connlimit-upto 200 --connlimit-mask 0 -j ACCEPT
>
> However, this only limits the number of connections instead of the number
> of ip addresses.
> Anyone know how to do it?
>
>
> Thanks a lot!
>
> Tom



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
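
An added example, not part of the original message: ACCEPT rules like the ones in the reply restrict access only when traffic from other sources is later dropped, by a following DROP/REJECT rule or a DROP policy on INPUT. The shell function below validates a port and a source list and prints a complete rule set with that final DROP; the chain name PORT_ALLOW and both function names are assumptions.

```shell
#!/bin/sh
# Added example: prints rules only, applies nothing. PORT_ALLOW is an assumed chain name.

# valid_src ADDR[/PREFIX]: succeed only for a dotted-quad IPv4 address, optional /0-32.
valid_src() {
    case "$1" in
        */*) addr=${1%/*}; pfx=${1#*/} ;;
        *)   addr=$1; pfx=32 ;;
    esac
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    # Digits and dots only: blocks shell metacharacters and glob expansion below.
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# allowlist_rules PORT SRC...: validate everything first, then print the rule set.
allowlist_rules() {
    [ $# -ge 2 ] || { echo "usage: allowlist_rules PORT SRC..." >&2; return 1; }
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 1; }
    for s in "$@"; do
        valid_src "$s" || { echo "bad source: $s" >&2; return 1; }
    done
    echo "iptables -N PORT_ALLOW"
    for s in "$@"; do
        echo "iptables -A PORT_ALLOW -s $s -j ACCEPT"
    done
    # Everything not matched above is dropped; this rule is what enforces the limit.
    echo "iptables -A PORT_ALLOW -j DROP"
    # Hook the chain into INPUT last, so traffic never hits a half-built chain.
    echo "iptables -I INPUT -p tcp --dport $port -j PORT_ALLOW"
}

# Sample values taken from the reply above.
allowlist_rules 8000 192.168.10.51 10.2.3.0/24 8.8.8.8
```

Review the printed commands before running them as root, and check `iptables -S INPUT` afterwards to confirm the jump to PORT_ALLOW sits ahead of any broader ACCEPT rule.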



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org