Iptables restrict tcp port 5678 access to openvpn users only

Hi All,

I have a VPS running an HTTPS admin service on TCP 5678.
I want to restrict this to OpenVPN users only and have tried the following:
iptables -A INPUT -s 10.8.1.0/24 -p tcp -m tcp --dport 5678 -m conntrack --ctstate NEW -j ACCEPT

Unfortunately this service is still open to the internet. How do I lock it down so only OpenVPN users can access it?

Operating system is Debian.

iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Hello,

Can you state your operating system and distro name? Is it CentOS or Debian or Ubuntu? The firewall config depends upon it. What is the purpose of TCP 5678 port? Also paste output from:

iptables -S

Thanks, have updated my question.

You don’t have any firewall. Hence, the port is always open. I suggest you set up ufw firewall on Debian server.

Install ufw

apt-get install ufw

Open SSH port

ufw allow ssh

Open OpenVPN port

ufw allow openvpn

Open HTTP/HTTPS web server port

ufw allow 80/tcp
ufw allow 443/tcp

Like this open all needed ports.

Open TCP 5678 port for OpenVPN users only

ufw allow from 10.8.1.0/24 to any port 5678 proto tcp

Enable the firewall

ufw enable

Hey, be careful with firewall stuff when you are new. A wrong rule will lock down your server. Please investigate and find a list of all required TCP/UDP open ports for the server. By default, ufw blocks access to everything. So, you need to open all those ports before typing the final:

ufw enable

Be careful my friend. This page https://www.cyberciti.biz/faq/how-to-configure-firewall-with-ufw-on-ubuntu-20-04-lts/ works on Debian too.

Thanks guys. Is there any way of doing this with iptables alone rather than adding ufw?

Check the following page. It explains how to set up and use iptables:
https://wiki.debian.org/DebianFirewall
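An iptables-only version of what the thread describes, added here as an example and not part of any post above. The original ACCEPT rule did nothing on its own because the INPUT chain policy is ACCEPT: without an explicit DROP for everyone else, non-VPN clients still reach the port. The script below builds the three rules in the order that matters (established flows, VPN subnet ACCEPT, then DROP for the rest) and only executes them when APPLY=1 is set; otherwise it prints the commands. The VPN subnet and port are taken from the thread; the APPLY/IPTABLES variables and the function names are this example's own.

```shell
#!/bin/sh
# Dry run by default: prints the iptables commands. Set APPLY=1 (as root) to execute them.
IPTABLES="${IPTABLES:-iptables}"
VPN_NET="${VPN_NET:-10.8.1.0/24}"   # OpenVPN client subnet from the thread
PORT="${PORT:-5678}"                # admin service port from the thread

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPTABLES" "$@"
    else
        echo "$IPTABLES $*"
    fi
}

# Appends rules to INPUT so that TCP $2 is reachable only from subnet $1.
# Rule order is what makes this work: the DROP must come AFTER the subnet ACCEPT,
# and the ESTABLISHED rule must come first so replies to existing sessions survive.
restrict_port_to_vpn() {
    net="$1"; port="$2"
    # 1. keep already-established connections (including your SSH session) working
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. allow NEW connections to the port only from the VPN subnet
    run -A INPUT -s "$net" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    # 3. drop everyone else for this port; with policy ACCEPT this line is what actually closes it
    run -A INPUT -p tcp --dport "$port" -j DROP
}

restrict_port_to_vpn "$VPN_NET" "$PORT"
```

After applying, check the chain with `iptables -L INPUT -n --line-numbers` to confirm the DROP sits below the subnet ACCEPT, and remember these rules are not persistent across reboots unless saved (for example with the iptables-persistent package).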