I would like to restrict ports 80 and 443 of OVH servers to a single IP. I have tried adding iptables rules and tried messing about with hosts.allow and hosts.deny, but nothing seems to work.
2 Answers
0
They should work, but you are probably doing something wrong. It would be better to show us how you are trying to do it so we can see if it's wrong or not. Your question is kind of generic ("OVH servers"). I suppose you are referring to one OVH server and not to all of them.

Bogdan Stoica
- I was referring to a XenServer provided by OVH. The rules I have added are as follows:

      -A INPUT -s "allowed source ip" -p tcp --dport 80 -j ACCEPT
      -A INPUT -s "allowed source ip" -p tcp --dport 443 -j ACCEPT

  – Athul Krishna Feb 02 '17 at 16:27
- The default iptables policy is most probably accept all. You have to create rules for the desired IP address like you did and then add a drop rule for everything else. Keep in mind that you also need an accept rule for SSH from your IP address, otherwise you will cut off your access to the server. So add an accept rule with source IP for ports 80 and 443, and add drop or reject rules for the same ports for any other IP. – Bogdan Stoica Feb 02 '17 at 16:34
- You should do an iptables -nvL to see the exact rules that you have at that moment on the server. – Bogdan Stoica Feb 03 '17 at 21:17
0
    iptables -A INPUT -p all -s your_ip -j ACCEPT
    iptables -A INPUT -s ip_address -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -s ip_address -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j DROP
    iptables -A INPUT -p tcp --dport 443 -j DROP

your_ip is the IP address you are connecting to the server from via SSH.
ip_address is the IP address you want to allow on ports 80 and 443.

Give it a try! Sorry for any wrong typos, I'm writing from my phone.

Bogdan Stoica
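The first-match behaviour discussed in the comments and the answer above, as an added example that is not part of the original posts: a small shell function that walks `iptables -S INPUT`-style output top to bottom for one source address and TCP destination port. The addresses and both rule listings are constructed, and the function only understands the `-s`, `--dport` and `-j` options used in this thread.

```shell
#!/bin/sh
# verdict RULES SRC DPORT
# Walks rules in order; the first rule whose -s and --dport both match decides.
# If nothing matches, the chain policy (-P) applies. Assumes a TCP packet.
verdict() {
    v_src=$2 v_port=$3 v_policy=ACCEPT
    while read -r v_line; do
        set -f; set -- $v_line; set +f          # split the rule into words
        if [ "$1" = "-P" ]; then v_policy=$3; continue; fi
        [ "$1" = "-A" ] || continue
        v_match=1 v_target=
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      [ "${2%/32}" = "$v_src" ] || v_match=0; shift ;;
                --dport) [ "$2" = "$v_port" ] || v_match=0; shift ;;
                -j)      v_target=$2; shift ;;
            esac
            shift
        done
        if [ "$v_match" = 1 ] && [ -n "$v_target" ]; then
            echo "$v_target"; return 0
        fi
    done <<EOF
$1
EOF
    echo "$v_policy"
}

# Constructed listing: only the two ACCEPT rules from the question's comment.
ASKER_RULES='-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT'

# Constructed listing: the answer's rules (192.0.2.5 stands in for your_ip).
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -s 192.0.2.5/32 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j DROP'

# 203.0.113.10 is the allowed client, 198.51.100.7 is any other host.
for src in 203.0.113.10 198.51.100.7; do
    echo "question rules, $src -> 80: $(verdict "$ASKER_RULES" "$src" 80)"
    echo "answer rules,   $src -> 80: $(verdict "$FIXED_RULES" "$src" 80)"
done
```

On a real host, the output of `iptables -S INPUT` can be passed to `verdict` in place of the constructed listings. The blanket `-s your_ip -j ACCEPT` rule also lets the SSH address reach ports 80 and 443.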