https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611894#M40357 Thanks for the link, I have read the tutorial but I thought there was more to it than simply running something like:<BR /><BR />iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT <BR /><BR />At the command prompt. Is there no 'DROP everything else' also nededed?<BR /><BR />Ta,<BR /><BR />Jon. Sun, 04 Apr 2010 16:22:43 GMT Jonathan Morrison 2010-04-04T16:22:43Z https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611892#M40355 Could anyone point me to a good IPTABLES protocol to reject all incoming traffic except for a single IP or IP range?<BR /><BR />Thanks,<BR /><BR />Jonathan. Sun, 04 Apr 2010 11:40:39 GMT https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611892#M40355 Jonathan Morrison 2010-04-04T11:40:39Z https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611893#M40356 Shalom Jonathan,<BR /><BR />Here is a good tutorial.<BR /><A href="http://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html" target="_blank">http://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html</A><BR /><BR />SEO Sun, 04 Apr 2010 13:49:26 GMT https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611893#M40356 Steven E. Protter 2010-04-04T13:49:26Z https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611894#M40357 Thanks for the link, I have read the tutorial but I thought there was more to it than simply running something like:<BR /><BR />iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT <BR /><BR />At the command prompt. Is there no 'DROP everything else' also nededed?<BR /><BR />Ta,<BR /><BR />Jon. Sun, 04 Apr 2010 16:22:43 GMT https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611894#M40357 Jonathan Morrison 2010-04-04T16:22:43Z https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611895#M40358 Before setting up specific rules you should configure a default rule for each chain (it might be set already, check with "iptables -L INPUT").<BR /><BR />To set a default DROP rule for INPUT:<BR /><BR />iptables -P INPUT DROP Mon, 05 Apr 2010 08:32:04 GMT https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611895#M40358 J. Maestre 2010-04-05T08:32:04Z https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611896#M40359 You might want to do something similar to this:<BR /><BR />:INPUT DROP<BR />-A INPUT -i lo -j ACCEPT<BR />-A INPUT -p tcp -m state --state NEW --dport 22 -s 192.168.0.0/24 -j ACCEPT<BR />-A INPUT -p tcp -m state --state ESTABLISHED,RELATED --dport 22 -s 192.168.0.0/24 -j ACCEPT<BR /><BR />You could substitute the range of IPs with a specific IP address.<BR /><BR />Cheers Mon, 05 Apr 2010 15:41:17 GMT https://community.hpe.com/t5/operating-system-linux/iptables/m-p/4611896#M40359 loco_vikide 2010-04-05T15:41:17Z