ElasticSearch restrict access using IP tables

I have seen a couple of dead threads like this

IP Address Restriction in Bonsai ElasticSearch as a Heroku Addon

and this

https://stackoverflow.com/questions/16121531/tomcat-restrict-ip-access-ip-range-format

This is the first time I have hosted an ElasticSearch server on a Linux machine. Let's assume my ES server is located at http://161.241.117.47:9200 and I have an app server at 161.241.117.41

The question is: what can I do with my iptables so that HTTP requests to 161.241.117.47:9200 are only served if they come from 161.241.117.41?

Also, is there a possibility of creating a rule in iptables based on an Ethernet address? So I can connect from my laptop using HTTP?

I know I can use something like the following

sudo iptables -A INPUT -p tcp --dport 9200 -j ACCEPT

But this will allow all incoming connections.

When I used the suggestions from the following answer it worked correctly with one IP but didn't for two! My iptables currently looks like this and is not able to filter multiple IPs

:INPUT ACCEPT [554:135189]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3207:497908]
-A INPUT -s 182.72.29.250/32 -p tcp -m tcp --dport 9200:9400 -j ACCEPT
-A INPUT -s 162.243.225.24/32 -p tcp -m tcp --dport 9200:9400 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200:9400 -j REJECT --reject-with icmp-port-unreachable
COMMIT
Sap asked Feb 11 '14 08:02


1 Answer

First, you need to set which IPs can reach the computer

iptables -I INPUT 1 -p tcp --dport 9200:9400 -s IP_ADDRESS_1,IP_ADDRESS_2,IP_ADDRESS_3 -j ACCEPT

Then, you need to prevent any IP except the specified ones from reaching your ports.

iptables -I INPUT 4 -p tcp --dport 9200:9400 -j REJECT

Finally save your settings to a file.

sudo sh -c "iptables-save > /etc/iptables.rules"

If you want these changes to persist across reboots, execute sudo vi /etc/network/interfaces and add the following: pre-up iptables-restore < /etc/iptables.rules

Few things to remember:

  1. You can add more IPs to the first command.
  2. If you add extra IPs you should adjust the value (4) in the second command. It is the rule position, so it must be the last rule. Thus add 1 for each IP you add.
shyos answered Nov 19 '22 20:11
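The ordering point in the answer above (the ACCEPT rules must sit above the catch-all REJECT, because the INPUT chain is evaluated top to bottom and the first match wins) is easy to get wrong when counting `-I` positions by hand. The script below is an added example, not code from the question or the answer: it builds the same allow-list ruleset as an iptables-restore file using `-A` so the REJECT is always appended last, and then walks the rules the way the kernel does so the verdict for a given source address and port can be checked offline without touching a live firewall. The app-server address comes from the question; 203.0.113.7 and 198.51.100.9 are constructed placeholders. The emulator only models `-s`, `--dport` and `-j` for TCP, which is all the page's rules use.

```shell
#!/bin/sh
# Added example (not from the question or answer): generate an iptables-restore
# ruleset that allows TCP to an Elasticsearch port range only from listed
# addresses, and emulate INPUT-chain evaluation (first match wins) to show why
# the REJECT must come after every ACCEPT. Addresses are placeholders.

# build_es_rules PORTS IP [IP ...]
# Prints a *filter table: one ACCEPT per source address, then a catch-all
# REJECT. Appending with -A keeps the REJECT last without counting positions.
build_es_rules() {
    ports=$1; shift
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip/32 -p tcp -m tcp --dport $ports -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $ports -j REJECT --reject-with icmp-port-unreachable"
    printf '%s\n' 'COMMIT'
}

# in_range PORT SPEC: SPEC is "lo:hi" or a single port, as --dport accepts it.
in_range() {
    lo=${2%%:*}; hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# decide SRC_IP DPORT RULESET
# Emulates the INPUT chain for one inbound TCP packet: rules are tried in
# order and the first whose source and port match gives the verdict. With no
# match the chain policy applies (ACCEPT, as in the question's dump), which is
# reported as POLICY_ACCEPT so it can be told apart from an explicit ACCEPT.
decide() {
    src=$1; dport=$2; rules=$3
    verdict=POLICY_ACCEPT
    nl='
'
    oldifs=$IFS; IFS=$nl
    set -f   # no globbing while splitting lines such as "*filter"
    for line in $rules; do
        IFS=$oldifs
        case "$line" in "-A INPUT "*) ;; *) continue ;; esac
        rule_src=""; rule_ports=""; target=""
        set -- $line
        while [ $# -gt 1 ]; do
            case "$1" in
                -s) rule_src=${2%/32} ;;
                --dport) rule_ports=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        if [ -z "$rule_src" ] || [ "$rule_src" = "$src" ]; then
            if [ -z "$rule_ports" ] || in_range "$dport" "$rule_ports"; then
                verdict=$target
                break
            fi
        fi
    done
    set +f
    IFS=$oldifs
    echo "$verdict"
}

# Demo: the app server from the question plus one more constructed address.
rules=$(build_es_rules 9200:9400 161.241.117.41 203.0.113.7)
printf '%s\n' "$rules"
for probe in "161.241.117.41 9200" "198.51.100.9 9200" "198.51.100.9 22"; do
    set -- $probe
    echo "$1 -> port $2: $(decide "$1" "$2" "$rules")"
done
```

Load the generated file with `iptables-restore < file` rather than running individual `-I` commands, and a second or third address never disturbs the REJECT position. Note that the question's other idea, matching on an Ethernet address, does exist in iptables (`-m mac --mac-source`), but MAC addresses are only visible from hosts on the same layer-2 segment, so it cannot admit a laptop connecting across the internet; an SSH tunnel or VPN is the usual way to reach a port that is restricted by source IP.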