Louis Matthijssen

To allow only specific IP addresses to connect to a specific port, use the following iptables commands:

iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 3306 -j DROP
iptables -I INPUT -p tcp -s 192.168.1.100 --dport 3306 -j ACCEPT

Where:

  • tcp is the protocol (may also be udp)
  • 192.168.1.100 is the IP address (change it to the one you want to allow)
  • 3306 is the port number (change it as well)

The first command blocks all communiation for this port. The second command then adds an exception for a specific IP address. The second command can be repeated for any IP address that should be allowed.