Linux Security: Working with IP sets and iptables

IP sets can simplify the management of a complex firewall ruleset. This exercise refreshes basic skills with the iptables command and begins developing an understanding of working with IP sets.

Create a new IP set called ‘clienthosts’ that contains the IP and port combinations for each client server. Be sure the ipset is configured to persist across a reboot.

Run the following commands:

  • ipset create clienthosts hash:ip,port
  • ipset add clienthosts 10.0.1.100,80
  • ipset add clienthosts 10.0.1.200,80
  • ipset save clienthosts > /etc/sysconfig/ipset

Add a new rule to the INPUT chain that accepts traffic from all IP/port combinations, matched as source IP/destination port, in the ‘clienthosts’ set. The rule should persist across a reboot.

Run the following commands:

  • iptables -I INPUT -m set --match-set clienthosts src,dst -j ACCEPT
  • iptables-save > /etc/sysconfig/iptables
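As an added example that is not part of the original post: a POSIX sh script that validates each ip,port entry, renders the set in the format `ipset restore` reads, and prints the matching iptables rule; it only applies them, to the same /etc/sysconfig files the exercise uses, when run as root with `--apply`. The entry list, function names and the `--apply` flag are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the 'clienthosts' set
# from a validated entry list and prints or applies the rules.
SET_NAME="clienthosts"

# Constructed sample entries, one "ip,port" pair per line (port is tcp by default).
CLIENT_ENTRIES="10.0.1.100,80
10.0.1.200,80"

# valid_entry IP,PORT -> returns 0 when IP is a dotted quad (octets 0-255)
# and PORT is a number 1-65535; anything else returns 1.
valid_entry() {
  ip=${1%,*}; port=${1#*,}
  [ "$ip" != "$1" ] || return 1                      # no comma present
  case "$port" in ''|*[!0-9]*) return 1;; esac       # port must be numeric
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs      # split IP into octets
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# render_restore -> lines in `ipset restore` syntax; invalid entries are
# reported on stderr and skipped rather than silently added.
render_restore() {
  printf 'create %s hash:ip,port\n' "$SET_NAME"
  printf '%s\n' "$CLIENT_ENTRIES" | while read -r e; do
    [ -n "$e" ] || continue
    valid_entry "$e" || { printf 'skipping invalid entry: %s\n' "$e" >&2; continue; }
    printf 'add %s %s\n' "$SET_NAME" "$e"
  done
}

# accept_rule -> the INPUT rule matching set members as source IP / dest port.
accept_rule() {
  printf 'iptables -I INPUT -m set --match-set %s src,dst -j ACCEPT\n' "$SET_NAME"
}

# Apply only when asked and running as root; otherwise print what would run.
if [ "$1" = "--apply" ] && [ "$(id -u)" = 0 ]; then
  render_restore | ipset -exist restore                # -exist: idempotent reload
  iptables -C INPUT -m set --match-set "$SET_NAME" src,dst -j ACCEPT 2>/dev/null \
    || iptables -I INPUT -m set --match-set "$SET_NAME" src,dst -j ACCEPT
  ipset save > /etc/sysconfig/ipset
  iptables-save > /etc/sysconfig/iptables
else
  render_restore
  accept_rule
fi
```

The `iptables -C` check before `-I` keeps re-runs from stacking duplicate rules, and `ipset -exist restore` makes reloading the set after a reboot idempotent.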
