How do I use iptables to reject all traffic to localhost port 80 but allow the one that comes from local machine?
How do I use iptables to reject all traffic to localhost port 80 but allow the one that comes from local machine?
Here is my current solution that doesn't seems to block the traffic. the ip, the the ip of the local machine. If I do not put the 2nd line, all the traffic is block, and with it enabled, all the traffic is accepted ?!
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 10.80.225.83 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j LOG --log-prefix "TCP LOGDROP: "
Just to be sure:
-
10.80.225.83
is the ip of the web server, where I want to be able to access 127.0.0.1:80 - I do want
10.80.225.83
to reject any connections on port 80, others then the ones originated from localhost.
Solution 1:
iptables -I INPUT ! -i lo -p tcp --dport 80 -j DROP
When you the traffic goes from your machine to your machine, always has the input interface "lo". It doesn't matter the src or dst IP address.