The iptables "-s" option is for specifying the source address. If you want to limit access to a specific subnet:
> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.0/24 -j ACCEPT

If you want to limit access to a single address:

> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.51 -j ACCEPT

If you want to limit access to multiple non-contiguous addresses or subnets:

> iptables -I INPUT -p tcp --dport 8000 -s 192.168.10.51,10.2.3.0/24,8.8.8.8 -j ACCEPT

On Mon, Oct 30, 2017 at 6:08 PM, Tom Luo <[email protected]> wrote:

> Hi, All,
>
> I am running a service in Ubuntu on a port. I try to limit the number of ip
> addresses which can connect to the port. For example, if the limit is set
> to 1, only connect from one ip address is allowed.
> If there is a connection from another ip address, it will be declined.
>
> The only thing I can find so far is:
> iptables -I INPUT -p tcp --dport 8000 -m connlimit --connlimit-upto 200
> --connlimit-mask 0 -j ACCEPT
>
> However, this only limits the number of connections instead of the number
> of ip addresses.
> Anyone know how to do it?
>
>
> Thanks a lot!
>
> Tom
> _______________________________________________
> Discuss mailing list
> [email protected]
> http://lists.blu.org/mailman/listinfo/discuss
>

-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: [email protected] / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
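Added example, not part of the original message: an ACCEPT rule with "-s" restricts a port only when all other traffic to that port is dropped, by the chain policy or by an explicit rule. The sketch below validates the sources and prints the allowlist rule from the reply together with a matching DROP, in the order "-I" requires. The function names are hypothetical, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands for a source allowlist.

# valid_source ADDR: succeed if ADDR is an IPv4 address or an IPv4 CIDR block.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# allowlist_rules PORT SRC...: print the commands that open PORT to SRC only.
allowlist_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "no sources given" >&2; return 1; }
    list=
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
        list=${list:+$list,}$src
    done
    # -I inserts at the top of the chain, so the DROP goes in first and the
    # ACCEPT is inserted above it. A comma-separated -s list expands to one
    # rule per source, all of which land above the DROP.
    echo "iptables -I INPUT -p tcp --dport $port -j DROP"
    echo "iptables -I INPUT -p tcp --dport $port -s $list -j ACCEPT"
}

# Sources taken from the reply above.
allowlist_rules 8000 192.168.10.51 10.2.3.0/24 8.8.8.8
```

Review the printed commands and check the result with "iptables -L INPUT -n --line-numbers" after applying them.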
