Quick UNIX question...how can I only accept connections on port 1234 from a certain IP?

[J3anyus]

I have a UNIX box at work (running Redhat 7.1) that needs to accept connections from a certain IP on a certain port, and I don't want any other IPs to be able to establish connections on that port. So, basically, I want all connections from IP 123.123.123.123 directed at port 1234 to be accepted, but all connections to port 1234 from other IPs to be refused. I think this is set up either in one of the hosts files or else iptables, but I haven't done much stuff like this before so I don't know. Can anyone help me out? Thanks.

J3

 

[bwass24]

Do a google search on TCP wrappers. That's exactly what you're looking for.

Enjoy!

 

[jhu]

you can just edit the /etc/hosts.allow and /etc/hosts.deny files

 

[bwass24]

you can just edit the /etc/hosts.allow and /etc/hosts.deny files

/etc/hosts.allow and .deny will not allow you to specify a specific port. Only the host ip address.

 

[manly]

man iptables

With Red Hat, you'll probably have to cook up your own custom iptables firewall. On SuSE, the package SuSEfirewall2 implements a flexible, general purpose firewall customizable for various situations, including the one you need.

SuSEfirewall2 is just a shell script, so it should be portable to Red Hat if you have good scripting/sysadmin skills and want to give it a try.

Red Hat Linux does have built-in firewall rules now but last time I checked it didn't appear very sophisticated or flexible.