Linode Forum
Posted: Wed Feb 27, 2013 4:14 pm
Senior Member

Joined: Thu Nov 19, 2009 4:55 pm
Posts: 52
Have a staging server.

Want to disallow all connections to the server unless connecting from a specific IP(s).

Any example of how to do this? And would I just append it to the end of my iptables file or no? I have current rules in there now that were automatic and something with fail2ban as well.


Posted: Wed Feb 27, 2013 4:21 pm
Junior Member

Joined: Wed Mar 28, 2012 4:29 pm
Posts: 38
I googled your question verbatim and this was the 2nd result:

http://serverfault.com/questions/161401 ... h-iptables

The order of your rules depends strictly on which order you want them processed. Being an IP filter, it can go at the beginning.

Let me know if I can help you more.


Posted: Wed Feb 27, 2013 4:27 pm
Senior Member

Joined: Thu Nov 19, 2009 4:55 pm
Posts: 52
So at the beginning I have to do something like:

iptables -A INPUT -i eth1 -s 10.50.0.0/16 -j ACCEPT


Ok.

#1 how do I know what goes after -i (the eth1 part). How do I know if it's eth1 or eth0?

-s can be a straight ip without subnet?

That's all I need?


Posted: Wed Feb 27, 2013 4:32 pm
Junior Member

Joined: Wed Mar 28, 2012 4:29 pm
Posts: 38
arachn1d wrote:
So at the beginning I have to do something like:

iptables -A INPUT -i eth1 -s 10.50.0.0/16 -j ACCEPT


Ok.

#1 how do I know what goes after -i (the eth1 part). How do I know if it's eth1 or eth0?

-s can be a straight ip without subnet?

That's all I need?


If you look at the iptables manual you will find -i and -s in the PARAMETERS section. It should explain how these two options work in detail.

You can use "ip link" to list the interfaces on your server and find out which one should be added after -i.


Posted: Wed Feb 27, 2013 7:49 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
If you're going to open up /16 ranges - why bother locking it down?

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Posted: Mon Mar 04, 2013 7:05 pm
Senior Member

Joined: Thu Nov 19, 2009 4:55 pm
Posts: 52
I only want to allow one ip but I can't seem to figure it out. :(


Posted: Mon Mar 04, 2013 7:30 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
If you want step by step, it'd help if you told people what Distro you're using.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.
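
What the thread was working toward, as an added example (not posted by any participant): a shell helper that prints the iptables commands for allowing only single source addresses on one interface and dropping everything else. It uses -I rather than -A because rules are matched in order, so an appended ACCEPT can end up behind an earlier REJECT or DROP; the interface name eth0, the address 203.0.113.7 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands, it does not change the firewall itself.

# is_host_ip ADDR: succeeds only for one dotted-quad IPv4 address, no /prefix.
is_host_ip() {
    case "$1" in
        ''|*/*|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allowlist_rules IFACE ADDR...: emits commands in the order they should run.
# -I INPUT <n> inserts at position n, so these rules are evaluated before the
# rules already loaded (the fail2ban jumps stay in place further down).
allowlist_rules() {
    [ "$#" -ge 2 ] || { echo "usage: allowlist_rules IFACE ADDR..." >&2; return 1; }
    iface=$1
    shift
    for ip in "$@"; do
        is_host_ip "$ip" || { echo "not a single IPv4 address: $ip" >&2; return 1; }
    done
    # Keep loopback and replies to connections the server itself opened.
    echo "iptables -I INPUT 1 -i lo -j ACCEPT"
    echo "iptables -I INPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    pos=3
    for ip in "$@"; do
        echo "iptables -I INPUT $pos -i $iface -s $ip -j ACCEPT"
        pos=$((pos + 1))
    done
    # Everything else arriving on that interface is dropped.
    echo "iptables -I INPUT $pos -i $iface -j DROP"
}

# Constructed sample: eth0 and 203.0.113.7 (documentation range) are placeholders.
allowlist_rules eth0 203.0.113.7
```

After checking the output, run it as root from a session whose own address is in the list, otherwise the DROP rule cuts that session off. Rules inserted this way are lost at reboot unless they are saved with the distribution's own mechanism.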

