Whitelist using iptables for proxies

Good evening, everyone! In general, the task is this: I set up a proxy server, which I specify in the client configs for connecting. The task is to make a whitelist on the virtual server and allow access only from the IP addresses of the specified VPN servers, so that users cannot use the proxy separately from the VPN. How can this be implemented with iptables? Please advise.

Author: Владимир Филон, 2020-04-24

1 answer

It is strange that no one answered you in a month, because it is quite simple.


Option 1:
If there are only a few whitelisted IP addresses, you can write a rule for each address that allows access to the port:

# allow IP addresses 91.121.75.131 and 91.121.75.132 to reach port 3306
iptables -A INPUT -p tcp --dport 3306 -s 91.121.75.131 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s 91.121.75.132 -j ACCEPT

# drop everything else destined for port 3306 (appended after the ACCEPT rules, so it is evaluated last)
iptables -A INPUT -p tcp --dport 3306 -j DROP

Option 2:
If there are many whitelisted IP addresses, it is better to use ipset.

Install ipset:

apt install ipset -y

Next, create a list in it and add all your white IP addresses to it:

# create the set whitelist_ips (hash:ip is the current name of the set type; the old "iphash" spelling is not accepted by modern ipset)
ipset create whitelist_ips hash:ip

# add IP addresses to the set
ipset add whitelist_ips 91.121.75.131
ipset add whitelist_ips 91.121.75.132

Now it remains to allow connections to the port from the IP addresses in this whitelist_ips set:

# allow IP addresses from the whitelist_ips set to reach port 3306
iptables -A INPUT -p tcp --dport 3306 -m set --match-set whitelist_ips src -j ACCEPT

# drop everything else destined for port 3306
iptables -A INPUT -p tcp --dport 3306 -j DROP
Author: Алексей Ковальчук, 2020-06-22 23:27:42
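The procedure from the answer above, assembled into one script as an added example (this is not the answerer's code). It applies the ipset variant to the asker's actual case, a proxy port that should only be reachable from the VPN servers, and adds two things a practitioner will want: every whitelist entry is validated as an IPv4 address or CIDR before it is handed to ipset, and the ipset/iptables steps are written so the script can be re-run without duplicating rules. The proxy port 1080, the set name proxy_whitelist and the addresses in WHITELIST are hypothetical sample values; hash:net is used instead of the answer's hash:ip so that whole VPN subnets can be listed as well as single addresses. By default the script only prints the commands (DRY_RUN=1); run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not code from the original answer: whitelist a proxy port
# with ipset + iptables, with input validation and an idempotent apply step.
# Assumptions (hypothetical): the proxy listens on TCP port PROXY_PORT and only
# the VPN servers listed in WHITELIST may reach it. The addresses below are
# constructed sample values from documentation ranges, not real servers.

PROXY_PORT="${PROXY_PORT:-1080}"
SET_NAME="${SET_NAME:-proxy_whitelist}"
WHITELIST="${WHITELIST:-198.51.100.10 198.51.100.11 203.0.113.0/28}"
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Returns 0 only for a plain IPv4 address or an IPv4/prefix CIDR. Hostnames,
# IPv6, empty strings and shell metacharacters are rejected before they get
# anywhere near ipset.
valid_ipv4_cidr() {
  case "$1" in
    ''|*[!0-9./]*|.*|*.|*/|*..*|*/*/*) return 1 ;;
  esac
  addr="${1%%/*}"
  prefix="${1#*/}"
  [ "$prefix" = "$1" ] && prefix=32            # no "/" present: host address
  [ "$prefix" -le 32 ] 2>/dev/null || return 1
  case "$addr" in
    *.*.*.*.*) return 1 ;;                      # more than four octets
    *.*.*.*) ;;                                 # exactly four octets
    *) return 1 ;;
  esac
  o1="${addr%%.*}"; rest="${addr#*.}"
  o2="${rest%%.*}"; rest="${rest#*.}"
  o3="${rest%%.*}"; o4="${rest#*.}"
  for o in "$o1" "$o2" "$o3" "$o4"; do
    [ "$o" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# Appends an iptables rule only if an identical rule is not already present
# (iptables -C checks for it), so re-running the script never duplicates rules.
ensure_rule() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'iptables -A %s\n' "$*"
  elif ! iptables -C "$@" 2>/dev/null; then
    iptables -A "$@"
  fi
}

apply_whitelist() {
  # hash:net accepts both single addresses and CIDR ranges; -exist makes
  # create/add safe to repeat.
  run ipset -exist create "$SET_NAME" hash:net
  for entry in $WHITELIST; do
    if ! valid_ipv4_cidr "$entry"; then
      printf 'refusing invalid whitelist entry: %s\n' "$entry" >&2
      return 1
    fi
    run ipset -exist add "$SET_NAME" "$entry"
  done
  # Order matters: the ACCEPT for the set must be evaluated before the DROP.
  ensure_rule INPUT -p tcp --dport "$PROXY_PORT" -m set --match-set "$SET_NAME" src -j ACCEPT
  ensure_rule INPUT -p tcp --dport "$PROXY_PORT" -j DROP
}

apply_whitelist
```

Two caveats when moving this off the test box. First, the rules only touch the proxy port, so SSH and other services are unaffected, but an INPUT chain that already contains a broader ACCEPT or DROP ahead of these rules will take precedence; check `iptables -L INPUT -n --line-numbers` before trusting the result. Second, neither ipset sets nor iptables rules survive a reboot on their own: save them with `ipset save` and `iptables-save`, and make sure the set is restored before the iptables rules that reference it, since `iptables-restore` fails on a `--match-set` rule whose set does not exist yet.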