Easiest/best way to only allow certain IP ranges for access

ubuntu ubuntu-20.04

I'm looking for the easiest/best way to only certain IP ranges to access my Ubuntu 20.04 installation. I would mainly like this so I can block web traffic (apache), but a full server block would be best.

I realize that a hardware option is best for this, but I can't afford that. I also realize that 'easiest' and 'best' don't always go together.

Also, does having more IP ranges slow down the server?

Any help would be appreciated.


You can filter all IP traffic except the one you want quite easily on most Linux installations. Remember that when doing this you might lose access to server.

Here is a small base that might work.

# Allow some related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow single source ip
iptables -A INPUT -s x.x.x.x/net -j ACCEPT
# Drop everything else
iptables -P INPUT DROP

Before running the last drop line which activates everything, you can use iptables -vnL which shows you counters for when rule matches, make sure that it does.

Doing ip-filtering does use CPU cycles, but so does answering any packets. This is almost never a concern unless you are doing complex rules on high throughput. this is not complex rules.

Related

Python Import Error - No module
SoftEther VPN has very slow download, while upload is high
Support with configuring bind9 DNS server for a private network
How to kill a process running under SYSTEM account in the Windows Server?
SSH public key authentication with google authenticator still asks for password
Websites getting down every day on VPS Server
Can varnish serve from a port and clone the request to another port?
How add SSL/443 to Apache server without virtual host?
Nginx sending 301 when using proxy_pass
Run inotifywait in background
What do the dialogue in the "visual novel" monsters mean and what do they allude to?
How to land accurately with a plane?