Score:0

Easiest/best way to only allow certain IP ranges for access


I'm looking for the easiest/best way to only allow certain IP ranges to access my Ubuntu 20.04 installation. I would mainly like this so I can block web traffic (apache), but a full server block would be best.

I realize that a hardware option is best for this, but I can't afford that. I also realize that 'easiest' and 'best' don't always go together.

Also, does having more IP ranges slow down the server?

Any help would be appreciated.

Score:1

You can filter all IP traffic except the traffic you want quite easily on most Linux installations. Remember that when doing this you might lose access to the server.

Here is a small base that might work.

```bash
# Keep loopback working; local services (and some daemons) talk to themselves over lo
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections the server itself opened, and related traffic (e.g. ICMP errors)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow a single source address or range; replace x.x.x.x/net with your own CIDR, one line per range
iptables -A INPUT -s x.x.x.x/net -j ACCEPT
# Drop everything else: the default policy is applied last, after the ACCEPT rules above
iptables -P INPUT DROP
```

Before running the last drop line, which activates everything, you can use `iptables -vnL`, which shows you counters for when a rule matches; make sure that it does.

Doing IP filtering does use CPU cycles, but so does answering any packet. This is almost never a concern unless you are doing complex rules on high throughput, and these are not complex rules.
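An added example, not part of the answer above, that builds the same kind of allowlist for the INPUT chain from a list of ranges. It validates each IPv4 address or CIDR, prints the iptables commands in the order the answer describes (loopback, established/related, allowed sources, then the DROP policy) instead of executing them, and fails before printing anything dangerous if a range is malformed. The loopback rule and the test ranges are my own assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables INPUT allowlist from CIDR ranges.
# Nothing is applied; review the output, then pipe it to sh once you are
# certain your own address is on the list (the DROP policy otherwise locks you out).

# validate_cidr RANGE -> returns 0 if RANGE is a well-formed IPv4 address or a.b.c.d/prefix
validate_cidr() {
  case "$1" in
    */*) addr=${1%/*}; prefix=${1#*/} ;;
    *)   addr=$1;      prefix=32 ;;
  esac
  # prefix must be a decimal number from 0 to 32
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  # address may only contain digits and dots, no leading/trailing/double dots
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# build_allowlist RANGE... -> prints the ruleset, one command per line;
# returns 1 (and prints nothing) if any range fails validation
build_allowlist() {
  for range in "$@"; do
    validate_cidr "$range" || { echo "bad range: $range" >&2; return 1; }
  done
  printf '%s\n' "iptables -A INPUT -i lo -j ACCEPT"
  printf '%s\n' "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for range in "$@"; do
    printf '%s\n' "iptables -A INPUT -s $range -j ACCEPT"
  done
  printf '%s\n' "iptables -P INPUT DROP"
}

# Stand-alone usage: ./allowlist.sh 192.0.2.0/24 198.51.100.7  (ranges are constructed samples)
if [ $# -gt 0 ]; then
  build_allowlist "$@"
fi
```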

Thank you for your help on this!