I have seen a couple of dead threads like this
IP Address Restriction in Bonsai ElasticSearch as a Heroku Addon
and this
https://stackoverflow.com/questions/16121531/tomcat-restrict-ip-access-ip-range-format
This is the first time I have hosted an ElasticSearch server on a Linux machine. Let's assume my ES server is located at http://161.241.117.47:9200
and I have an app server at 161.241.117.41
My question is: what can I do with my iptables so that HTTP requests to 161.241.117.47:9200 are only catered for if they come from 161.241.117.41?
Also, is there a possibility of creating a rule in iptables based on the Ethernet address, so that I can connect from my laptop using HTTP?
I know I can use something like the following:
sudo iptables -A INPUT -p tcp --dport 9200 -j ACCEPT
But this will allow all incoming connections.
When I used the suggestions from the following answer it worked correctly with one IP but didn't for two! My iptables rules currently look like this and are not able to filter multiple IPs:
:INPUT ACCEPT [554:135189]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3207:497908]
-A INPUT -s 182.72.29.250/32 -p tcp -m tcp --dport 9200:9400 -j ACCEPT
-A INPUT -s 162.243.225.24/32 -p tcp -m tcp --dport 9200:9400 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200:9400 -j REJECT --reject-with icmp-port-unreachable
COMMIT
First, you need to set which IPs can reach the computer:
iptables -I INPUT 1 -p tcp --dport 9200:9400 -s IP_ADDRESS_1,IP_ADDRESS_2,IP_ADDRESS_3 -j ACCEPT
Then you need to make sure that no IP except the specified ones can reach your ports:
iptables -I INPUT 4 -p tcp --dport 9200:9400 -j REJECT
Finally, save your settings to a file:
sudo sh -c "iptables-save > /etc/iptables.rules"
If you want these changes to persist across reboots, execute sudo vi /etc/network/interfaces
and add the following line: pre-up iptables-restore < /etc/iptables.rules
A few things to remember:
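A generator for the allow-then-reject ruleset the answer describes, as an added example that is not from this thread; the port range and the 161.241.117.41 app server come from the question, while the function names gen_es_rules and valid_ipv4 are mine. It emits a complete iptables-restore file, so the ACCEPT rules always precede the REJECT regardless of how many hosts are allowed, and it refuses typos (such as an unreplaced IP_ADRRESS_1) before they reach iptables.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that lets only the listed source
# addresses reach a TCP port range and REJECTs everyone else.
# Constructed example; gen_es_rules and valid_ipv4 are my own names.

# valid_ipv4 ADDR[/PREFIX]: sanity-check a dotted quad so a typo such as
# IP_ADRRESS_1 never reaches iptables (which would abort the restore).
valid_ipv4() {
    addr="${1%%/*}"; pfx="${1#*/}"
    [ "$pfx" = "$1" ] && pfx=32            # no "/n" given: single host
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1;; esac
    [ "$pfx" -ge 0 ] 2>/dev/null && [ "$pfx" -le 32 ] || return 1
    n=0; old_ifs=$IFS; IFS=.
    for o in $addr; do
        n=$((n + 1))
        [ "$o" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]                         # exactly four octets
}

# gen_es_rules PORT_RANGE SOURCE_IP...: print the *filter table on stdout.
# ACCEPT rules are written before the single REJECT, so the order no longer
# depends on numeric positions such as "-I INPUT 4", which break as soon as
# the number of allowed hosts changes.
gen_es_rules() {
    range="$1"; shift
    [ $# -gt 0 ] || { echo "gen_es_rules: no source addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "gen_es_rules: bad address: $ip" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip -p tcp -m tcp --dport $range -j ACCEPT"
    done
    # Everyone else gets an explicit refusal rather than a silent DROP
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $range -j REJECT --reject-with icmp-port-unreachable"
    printf '%s\n' 'COMMIT'
}

# The question's setup: only the app server at 161.241.117.41 may reach 9200:9400.
# Apply with: gen_es_rules 9200:9400 161.241.117.41 > /etc/iptables.rules && iptables-restore < /etc/iptables.rules
gen_es_rules 9200:9400 161.241.117.41
```

On the Ethernet-address question: iptables can match `-m mac --mac-source`, but it only sees the source MAC of frames arriving on the local segment, so a laptop reaching the server through any router shows the router's MAC, not its own, and the match cannot identify it.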