Linux uses iptables to limit multiple IPs from accessing your server

Preface

In the Linux kernel, netfilter is a subsystem responsible for packet filtering, network address translation (NAT), and connection tracking based on protocol types. This subsystem consists of some packet filtering tables, which contain the rule sets used by the kernel to control packet filtering processing. iptables is a tool for managing netfilter.

Multiple consecutive IP operations

1. Split into multiple commands to run

iptables -A INPUT 192.168.122.2 -j ACCEPT 
iptables -A INPUT 192.168.122.3 -j ACCEPT 
iptables -A INPUT 192.168.122.4 -j ACCEPT 
iptables -A INPUT 192.168.122.5 -j ACCEPT 
....

This method requires writing many commands, and will make the iptables table very long and difficult to manage. Moreover, a large number of commands will have a small (negligible) impact on performance.

2. Access control can be performed on the IP of an IP segment in the form of IP/MASK

iptables -A INPUT 192.168.122.0/24 -j ACCEPT

This method requires calculating the specified source code for the IP range, which is not flexible. (Although many users use this method for convenience, excessive authorization will pose a security risk)

3. iptables has many modules, among which iprange is used to specifically handle access control of continuous IP segments

iptables -A INPUT -m iprange --src-range 192.168.122.2-192.168.122.34 -j ACCEPT #match source IP
iptables -A INPUT -m iprange --dest-range 8.8.8.2-8.8.8.22 -j DROP #match the target IP

This method is more flexible. There is no need to calculate the mask, just give the range directly.

Summarize

Currently, the official does not seem to support discontinuous IPs, but some people have added modules to support discontinuous IPs.

Personally, I think that if you want to manage the iptables list well, you still have to organize it first and then restrict it. If you need to use continuous IPs, use the above method. If they are not continuous, you should write multiple commands honestly. Moreover, if there are more machines, you have to install modules, which may affect the stability of the system.

recommend:

Interested friends can follow the editor’s WeChat public account [ Coder’s Stuff ] for more web page production special effects source code and learning materials! ! !

The above is what I introduced to you about using iptables in Linux to limit multiple IPs from accessing your server. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!

You may also be interested in:

How to use firewall iptables strategy to forward ports on Linux servers
Detailed explanation of Linux iptables common firewall rules
Basic usage tutorial of IPTABLES firewall in LINUX
Detailed explanation of Linux iptables command
Summary of how to view, add, delete and modify iptables rules of Linux firewall
Detailed explanation of the common commands for banning and unblocking IPs in Linux firewall iptables
Examples of iptables blocking and opening ports in Linux
Detailed explanation of Docker using Linux iptables and Interfaces to manage container networks
Linux vps server common service iptables strategy
How to use iptables to configure Linux to prohibit all port logins and open specified ports
Solution to the lack of iptables files in the /etc/sysconfig directory of the newly installed Linux system
How to use iptables to set security policies on Alibaba Cloud Linux servers
Linux defends against DDOS attacks by limiting TCP connections and frequencies through iptables
Configuration method of resisting brute force cracking through iptables+Denyhost on Linux server
Linux firewall iptables introductory tutorial
Example of adding iptables firewall rules in Linux
Linux firewall iptables detailed introduction, configuration method and case

<<: MySQL Optimization: Cache Optimization

>>: MySQL optimization connection optimization

Solve the problem of inconsistency between mysql time and system time in docker

Linux uses iptables to limit multiple IPs from accessing your server

Solve the problem of inconsistency between mysql time and system time in docker

Example of implementing load balancing with Nginx+SpringBoot

Detailed explanation of query examples within subqueries in MySql

Detailed steps for developing WeChat mini-programs using Typescript

Docker deployment of Kafka and Spring Kafka implementation

Detailed process of installing the docker plugin in IntelliJ IDEA (2018 version)

Develop calculator example code using native javascript

Solution for mobile browsers not supporting position: fix

What is the function of !-- -- in HTML page style?

Implementation of CSS3 button border animation

Recommend

Steps for Django to connect to local MySQL database (pycharm)

Detailed explanation of the difference between the default value of the CSS attribute width: auto and width: 100%

CSS3 implementation example of rotating only the background image 180 degrees

A brief analysis of the use of the HTML webpack plugin

Talk about important subdirectory issues in Linux system

MySQL 8.0.12 installation graphic tutorial

Tutorial on installing Tomcat server under Windows

Organize the common knowledge points of CocosCreator

A brief discussion on simulating multi-threaded and multi-process crashes in Linux

Installation steps of Ubuntu 20.04 double pinyin input method

Example of implementing the skeleton screen of WeChat applet

Detailed explanation of using tcpdump command to capture and analyze data packets in Linux

Tutorial diagram of building a Hadoop high-availability cluster based on ZooKeeper

CSS Tutorial: CSS Attribute Media Type

Bootstrap FileInput implements image upload function