Restricting web interface access with iptables

By default all SysAdminMan VPSs come with port 443 open to allow https access to the web GUI. A really good security tip, where possible, is to restrict this to only IP addresses that need access.

First, whenever making changes to iptables I always temporarily disable them from running at startup. This way, if you make an error and lock yourself out, the server just needs a restart. You must remember to re-enable them at the end!

Disable iptables at startup and copy the existing configuration –

chkconfig iptables off

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig

Next, list the current inbound rules with their line numbers –

iptables -L INPUT -n --line-numbers

num  target     prot opt source               destination
...
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4445
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5060
...

So https access (port 443) is allowed in rule 9. Now we are going to delete this rule –

iptables -D INPUT 9

Now we add in the new rule to allow access to port 443 from a particular IP address. You will want to change the IP address below (123.123.123.123) to be your IP address. You may also want to change the Ethernet interface (venet0) if you are not using a SysAdminMan VPS –

iptables -I INPUT 1 -i venet0 -p tcp -m tcp -s 123.123.123.123 --dport 443 -j ACCEPT

Now check that the rule is working correctly. If it is, we can save the current rules and enable them at startup again –

service iptables save
chkconfig iptables on
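The whole procedure above as one script, added here as an example rather than taken from the post. It assumes the CentOS-style iptables service and the listing format shown above, finds the rule number instead of hard-coding 9, and only prints the commands unless APPLY=1:

```shell
#!/bin/bash
# Added example, not from the original post. Rebuilds the post's lockdown as a
# dry-run script: APPLY=1 executes the commands, otherwise they are only printed.
# Assumed: CentOS-style iptables service and the listing format shown above.
set -eu
ALLOW_IP="${ALLOW_IP:-123.123.123.123}"   # replace with the address that needs GUI access
IFACE="${IFACE:-venet0}"                  # venet0 on the SysAdminMan VPS; eth0 elsewhere
APPLY="${APPLY:-0}"

# Execute a command when APPLY=1, otherwise just show it.
run() { if [ "$APPLY" = 1 ]; then "$@"; else printf '+ %s\n' "$*"; fi; }

# Return the INPUT rule number that ACCEPTs TCP port $2 from any source.
# $1 is the text of 'iptables -L INPUT -n --line-numbers'. Matches the exact
# "dpt:PORT" token so port 443 is not confused with 4445.
find_rule_num() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $2 == "ACCEPT" && $3 == "tcp" && $5 == "0.0.0.0/0" {
      for (i = 7; i <= NF; i++) if ($i == ("dpt:" port)) { print $1; exit }
    }'
}
# Extract the client address from an SSH_CLIENT value ("addr port port").
client_ip_from() { printf '%s\n' "${1%% *}"; }

# Constructed copy of the listing from the post, used when not applying.
LISTING="$(cat <<'EOF'
num  target     prot opt source               destination
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4445
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5060
EOF
)"
if [ "$APPLY" = 1 ]; then LISTING="$(iptables -L INPUT -n --line-numbers)"; fi

main() {
  local rule client
  rule="$(find_rule_num "$LISTING" 443)"
  [ -n "$rule" ] || { echo "no world-open port 443 rule in INPUT" >&2; return 1; }
  # Lockout guard: warn if the address being allowed is not the one you are on.
  client="$(client_ip_from "${SSH_CLIENT:-}")"
  [ -z "$client" ] || [ "$client" = "$ALLOW_IP" ] || \
    echo "warning: connected from $client but allowing $ALLOW_IP" >&2
  run chkconfig iptables off
  run cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
  run iptables -D INPUT "$rule"
  run iptables -I INPUT 1 -i "$IFACE" -p tcp -m tcp -s "$ALLOW_IP" --dport 443 -j ACCEPT
  echo "test https from $ALLOW_IP and from another address, then: service iptables save; chkconfig iptables on"
}
main
```

Run it once without APPLY to review the generated commands, then with APPLY=1 from the address you are allowing.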

1 thought on “Restricting web interface access with iptables”

  1. Herman

    Please let me know where I went wrong. I can't access the AsteriskNOW web. I can ping its IP address. I have tried reinstalling. I can log in on the server itself. One thing is I am not well conversant with Linux commands. I used the root user name and password which I entered while installing, but I can't access it on the web, and there is no direct troubleshooting available, which actually makes me hesitant to use this PBX. So if I can be helped urgently I will be grateful.
