Restricting web interface access with iptables

By default all SysAdminMan VPSs come with port 443 open to allow https access to the web GUI. A really good security tip, where possible, is to restrict this to only IP addresses that need access.

First, whenever I make changes to iptables I temporarily disable it from running at startup. This way, if you make an error and lock yourself out, the server just needs a restart to come back up without the firewall rules loaded. You must remember to re-enable it at the end!

Disable iptables at startup and copy the existing configuration –

chkconfig iptables off

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig

Next list the current inbound rules with their line numbers –

iptables -L INPUT -n --line-numbers

num  target     prot opt source               destination
7    ACCEPT     tcp  --             tcp dpt:4445
8    ACCEPT     tcp  --             tcp dpt:22 state NEW
9    ACCEPT     tcp  --             tcp dpt:443 state NEW
10   ACCEPT     tcp  --             tcp dpt:5060

So https access (port 443) is allowed in rule 9. Now we are going to delete this rule –

iptables -D INPUT 9

Now we add in the new rule to allow access to port 443 from a particular IP address. You will want to change the IP address below (shown here as the placeholder YOUR_IP_ADDRESS) to be your IP address. You may also want to change the Ethernet interface (venet0) if you are not using a SysAdminMan VPS –

iptables -I INPUT 1 -i venet0 -p tcp -m tcp -s YOUR_IP_ADDRESS --dport 443 -j ACCEPT

Now check that the rule is working correctly. If it is we can save the current rules and enable them at startup again –

service iptables save
chkconfig iptables on
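
One way to confirm that no unrestricted port 443 rule is left behind after the change, as an added example that is not part of the original post. The function name open_443_rules, the sample rules and the address 203.0.113.10 are constructed for illustration; the input is the iptables-save format used by /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example. Reads iptables-save formatted rules on stdin and prints every
# INPUT rule that ACCEPTs traffic to port 443 without limiting the source.
# Exit status: 1 if any such rule is found, 0 otherwise.
# Scope: direct ACCEPT rules in INPUT only (not user chains or chain policy).
open_443_rules() {
    awk '
    # True when a --dport/--dports value (port, lo:hi range, comma list) covers 443
    function covers443(spec,   n, parts, k, r, lo, hi) {
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 1) { lo = hi = r[1] + 0 }
            else { lo = (r[1] == "") ? 0 : r[1] + 0; hi = (r[2] == "") ? 65535 : r[2] + 0 }
            if (lo <= 443 && 443 <= hi) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" {
        port = accept = restricted = 0
        for (i = 3; i <= NF; i++) {
            if (($i == "--dport" || $i == "--dports") && covers443($(i + 1))) port = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            # A negated (!) or 0.0.0.0/0 source still admits almost everyone
            if (($i == "-s" || $i == "--source") && $(i - 1) != "!" &&
                $(i + 1) != "!" && $(i + 1) != "0.0.0.0/0") restricted = 1
        }
        if (port && accept && !restricted) { print; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample (not from a real server); 203.0.113.10 is a documentation
# address standing in for the permitted IP.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10 -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
COMMIT'

if printf '%s\n' "$SAMPLE_RULES" | open_443_rules; then
    echo "OK: port 443 is only reachable from listed sources"
else
    echo "WARNING: the rules printed above leave port 443 open"
fi
```

On the server, the same function can be run as `open_443_rules < /etc/sysconfig/iptables` once the rules have been saved.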

1 thought on “Restricting web interface access with iptables”

  1. Herman

    Please let me know where I went wrong. I can’t access the AsteriskNOW web, I can ping its IP address, I have tried reinstalling, and I can log in on the server itself. One thing is I am not well conversant with Linux commands. I used the root user name and password which I entered while installing, but I can’t access it on the web, and there is no direct troubleshooting available, which actually makes me hesitant to use this PBX, so if I can be helped urgently I will be grateful.
