Firewall: how to whitelist addresses from xxx.xx.*.*
So far I have managed to install Apache and mod_wsgi on Ubuntu 10.04.3 LTS and get a couple of web sites working. I've locked down SSH as described in the Linode docs - using key based auth, disabled passwords and root.
I'm using it to run some wiki software (moinmoin), but I want to limit all access to the Linode to IP addresses that originate from my university.
From what I understand from Linode's documentation, I need to block all incoming traffic but then whitelist the acceptable IPs. All acceptable traffic will come from xxx.xx.*.* (users on the uni VPN) or xxx.xxx.*.* (users on the uni network).
I'm struggling to come up with the iptables rules I should be using - could anyone help?
I have thought about using a VPN connection, but that might cause some problems when accessing scientific journals from within the university as IP based authentication is already used to access scientific journals. Disconnecting and reconnecting the VPN all the time would be a pain.
Any other suggestions for how I could limit the traffic would be appreciated. The websites will be password protected by .htaccess, but I want to secure the server as much as possible. Thanks for any help!
2 Replies
Using ufw
$ sudo apt-get install ufw
$ sudo ufw default deny
$ sudo ufw allow from ###.###.0.0/16 to any port 22
$ sudo ufw allow from ###.###.0.0/16 to any port 80
$ sudo ufw enable
Read up on the docs instead of just blindly copying and pasting. Ask if you're still unclear on things. Also, keep in mind it's not too hard to accidentally lock yourself out; use Lish.
Edit: you could also configure Apache itself
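The iptables equivalent of the ufw rules above, as an added example that is not part of the original thread: a script that prints an iptables-restore ruleset with a default DROP policy on INPUT and NEW-connection exceptions for SSH and HTTP from the two university prefixes. The two network values are placeholders (RFC 5737 test ranges) and the function names are assumed, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: build an iptables-restore ruleset that
# drops all inbound traffic except SSH and HTTP from two university prefixes.
# The two networks below are placeholders (RFC 5737 test ranges); put the real
# xxx.xx.0.0/16 and xxx.xxx.0.0/16 prefixes in their place.
UNI_VPN_NET="${UNI_VPN_NET:-203.0.113.0/24}"
UNI_LAN_NET="${UNI_LAN_NET:-198.51.100.0/24}"

# gen_ruleset VPN_NET LAN_NET PORT...  -> prints a ruleset on stdout.
gen_ruleset() {
    vpn_net=$1; lan_net=$2; shift 2
    [ -n "$vpn_net" ] && [ -n "$lan_net" ] || return 1
    printf '%s\n' '*filter'
    # Default policy DROP on INPUT: anything not explicitly allowed is dropped.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to our own outbound connections must keep working,
    # otherwise apt, DNS and the SSH session used to load the rules all break.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One NEW-connection rule per (network, port); every other source is
    # caught by the DROP policy, so no explicit deny rules are needed.
    for port in "$@"; do
        for net in "$vpn_net" "$lan_net"; do
            rule="-A INPUT -p tcp -s $net --dport $port -m conntrack --ctstate NEW -j ACCEPT"
            printf '%s\n' "$rule"
        done
    done
    printf '%s\n' 'COMMIT'
}

# count_accepts_for NET -> number of ACCEPT rules granted to NET; a sanity
# check to run on the generated file before loading it.
count_accepts_for() {
    gen_ruleset "$UNI_VPN_NET" "$UNI_LAN_NET" 22 80 | grep -c -- "-s $1 .*-j ACCEPT"
}

# Usage: sh whitelist.sh > /tmp/uni-whitelist.rules, review the file, then
#   sudo iptables-restore < /tmp/uni-whitelist.rules
# from the Lish console rather than over SSH, in case a prefix is wrong.
gen_ruleset "$UNI_VPN_NET" "$UNI_LAN_NET" 22 80
```

The ruleset is not persistent across reboots on its own; on Ubuntu it is usually saved with iptables-save and restored from a boot script or the iptables-persistent package.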