Allow specific IP addresses on specific port


To allow only specific IP addresses to connect to a specific port, use the following iptables commands:

iptables -I INPUT -p tcp --dport 3306 -j DROP
iptables -I INPUT -p tcp -s 192.0.2.10 --dport 3306 -j ACCEPT


  • tcp is the protocol (may also be udp)
  • 192.0.2.10 is the IP address (a placeholder; change it to the one you want to allow)
  • 3306 is the port number (change it as well)

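The first command blocks all communication on this port. The second command then adds an exception for a specific IP address: because -I inserts at the top of the chain, the ACCEPT rule lands above the DROP rule and is checked first. The second command can be repeated for any IP address that should be allowed.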
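The exception only works while the ACCEPT rule sits above the DROP rule. The check below is an added example, not part of the original post: it reads `iptables -S INPUT` output and reports allow rules for a port that are listed below a catch-all DROP and therefore never match. The function name `shadowed_accepts`, the sample rule sets and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find allow rules that a DROP shadows.
# On a live host, as root:  iptables -S INPUT | shadowed_accepts 3306

# shadowed_accepts PORT: reads `iptables -S INPUT` lines on stdin and prints each
# ACCEPT for PORT listed below a DROP for the same protocol and port that has no
# -s restriction. Returns 1 if any are found.
# Simplification (assumption): other match options such as -i are ignored.
shadowed_accepts() {
    awk -v port="$1" '
        BEGIN { bad = 0 }
        $1 != "-A" || $2 != "INPUT" { next }   # skip policy lines and other chains
        {
            has_port = 0; has_src = 0; proto = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) has_port = 1
                if ($i == "-s") has_src = 1
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (!has_port) next
            if (target == "DROP" && !has_src) dropped[proto] = 1
            else if (target == "ACCEPT" && dropped[proto]) { print; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample: chain produced by the two -I commands (ACCEPT ends up on top).
sample_ok() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
EOF
}

# Constructed sample: the same two rules added with -A, so DROP is evaluated first.
sample_shadowed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}

sample_shadowed | shadowed_accepts 3306 || echo "^ never matched: DROP comes first"
```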

