Linux uses iptables to limit multiple IPs from accessing your server

Preface

In the Linux kernel, netfilter is a subsystem responsible for packet filtering, network address translation (NAT), and connection tracking based on protocol types. This subsystem consists of some packet filtering tables, which contain the rule sets used by the kernel to control packet filtering processing. iptables is a tool for managing netfilter.

Multiple consecutive IP operations

1. Split into multiple commands to run

iptables -A INPUT 192.168.122.2 -j ACCEPT 
iptables -A INPUT 192.168.122.3 -j ACCEPT 
iptables -A INPUT 192.168.122.4 -j ACCEPT 
iptables -A INPUT 192.168.122.5 -j ACCEPT 
....

This method requires writing many commands, and will make the iptables table very long and difficult to manage. Moreover, a large number of commands will have a small (negligible) impact on performance.

2. Access control can be performed on the IP of an IP segment in the form of IP/MASK

iptables -A INPUT 192.168.122.0/24 -j ACCEPT

This method requires calculating the specified source code for the IP range, which is not flexible. (Although many users use this method for convenience, excessive authorization will pose a security risk)

3. iptables has many modules, among which iprange is used to specifically handle access control of continuous IP segments

iptables -A INPUT -m iprange --src-range 192.168.122.2-192.168.122.34 -j ACCEPT #match source IP
iptables -A INPUT -m iprange --dest-range 8.8.8.2-8.8.8.22 -j DROP #match the target IP

This method is more flexible. There is no need to calculate the mask, just give the range directly.

Summarize

Currently, the official does not seem to support discontinuous IPs, but some people have added modules to support discontinuous IPs.

Personally, I think that if you want to manage the iptables list well, you still have to organize it first and then restrict it. If you need to use continuous IPs, use the above method. If they are not continuous, you should write multiple commands honestly. Moreover, if there are more machines, you have to install modules, which may affect the stability of the system.

recommend:

Interested friends can follow the editor’s WeChat public account [ Coder’s Stuff ] for more web page production special effects source code and learning materials! ! !

The above is what I introduced to you about using iptables in Linux to limit multiple IPs from accessing your server. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!

You may also be interested in:

How to use firewall iptables strategy to forward ports on Linux servers
Detailed explanation of Linux iptables common firewall rules
Basic usage tutorial of IPTABLES firewall in LINUX
Detailed explanation of Linux iptables command
Summary of how to view, add, delete and modify iptables rules of Linux firewall
Detailed explanation of the common commands for banning and unblocking IPs in Linux firewall iptables
Examples of iptables blocking and opening ports in Linux
Detailed explanation of Docker using Linux iptables and Interfaces to manage container networks
Linux vps server common service iptables strategy
How to use iptables to configure Linux to prohibit all port logins and open specified ports
Solution to the lack of iptables files in the /etc/sysconfig directory of the newly installed Linux system
How to use iptables to set security policies on Alibaba Cloud Linux servers
Linux defends against DDOS attacks by limiting TCP connections and frequencies through iptables
Configuration method of resisting brute force cracking through iptables+Denyhost on Linux server
Linux firewall iptables introductory tutorial
Example of adding iptables firewall rules in Linux
Linux firewall iptables detailed introduction, configuration method and case