Prasanta Biswas

Reputation: 829

How to allow incoming connection on a particular port from specific IP

I am running MongoDB in a Docker container with port 27017 exposed on the host to allow remote incoming connections. I want to block incoming connections on this port except from a particular IP. I tried with iptables, but it is not working. Maybe it is because of the Docker service, for which the iptables commands need to be modified.

However, I used the following commands:

myserver>iptables -I INPUT -p tcp -s 10.10.4.232 --dport 27017 -j ACCEPT
myserver>iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 27017 -j DROP
myserver>service iptables save

Then I tried the following to check:

mylocal>telnet myserver 27017

It is connected. So iptables is not working.

How do I do it?

I am using CentOS 6.8 and running MongoDB 10 in a Docker container.

Upvotes: 1

Views: 857

Answers (1)

Rawkode

Reputation: 22592

First, enable the source IP you wish to connect:

iptables -A INPUT -p tcp --dport 27017 -s 10.10.4.232 -j ACCEPT

Then DROP all the rest:

iptables -A INPUT -p tcp --dport 27017 -j DROP

Upvotes: 1
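
On the question's point that Docker may change how the rules must be written: a port published by Docker is rewritten by a nat DNAT rule and then routed through the filter FORWARD chain, so rules in INPUT never see that traffic. The following is an added example, not code from either poster: a coarse audit of `iptables-save` text that reports whether a DROP for the port sits on the forwarded path. The `audit_port` name, the `docker0` bridge, the container address 172.17.0.2 and both rule sets are constructed assumptions.

```sh
# audit_port PORT: reads `iptables-save` text on stdin and reports whether a
# DROP/REJECT for PORT sits on a path that Docker-published traffic traverses.
audit_port() {
  awk -v port="$1" '
    /^\*/ { table = substr($0, 2); next }
    $1 != "-A" { next }
    {
      dport = ""; target = ""; dest = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
    }
    # Published port: the nat DNAT rule rewrites it to the container address and port.
    table == "nat" && target == "DNAT" && dport == port { sub(/.*:/, "", dest); cport = dest }
    table == "filter" && $2 == "FORWARD" && target == "DOCKER" { jumped = 1 }
    table == "filter" && (target == "DROP" || target == "REJECT") {
      if ($2 == "INPUT") in_drop[dport] = 1
      if ($2 == "DOCKER-USER" || ($2 == "FORWARD" && !jumped)) fwd_drop[dport] = 1
    }
    END {
      if (cport == "") print ((port in in_drop) ? "enforced-input" : "open")
      else if (cport in fwd_drop) print "enforced-forward"
      else print ((port in in_drop) ? "bypassed-input-only" : "open")
    }'
}
# Constructed sample: nat table on a host where Docker publishes 27017.
NAT='*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 27017 -j DNAT --to-destination 172.17.0.2:27017
COMMIT'
# Constructed sample: the INPUT-only rules from the question.
INPUT_ONLY="$NAT
*filter
-A INPUT -s 10.10.4.232/32 -p tcp -m tcp --dport 27017 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27017 -j DROP
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 27017 -j ACCEPT
COMMIT"
# Constructed sample: the same allow-list placed in FORWARD, ahead of the jump to DOCKER.
FORWARD_FIRST="$NAT
*filter
-A FORWARD -s 10.10.4.232/32 ! -i docker0 -p tcp -m tcp --dport 27017 -j ACCEPT
-A FORWARD ! -i docker0 -p tcp -m tcp --dport 27017 -j DROP
-A FORWARD -o docker0 -j DOCKER
COMMIT"
printf '%s\n' "$INPUT_ONLY" | audit_port 27017
printf '%s\n' "$FORWARD_FIRST" | audit_port 27017
```

The check matches only single-port `--dport` rules and does not evaluate source or interface matches, so confirm an `enforced-forward` result with a connection test from a host that should be blocked.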
