Linux Iptables allow LDAPS server incoming client request

Secure LDAP (LDAP over SSL) incoming client request service by default listen on TCP port 636 for queries. Following iptable rules allows incoming client request (open port TCP port 636) for server IP address 202.54.1.20 :
iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d 202.54.1.20 –dport 636 -m state –state NEW,ESTABLISHED -j ACCEPT

ADVERTISEMENTS

iptables -A OUTPUT -p tcp -s 202.54.1.20 –sport 636 -d 0/0 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT

Restrict access to LDAPS database server from your network is essential, following iptables allows incoming LDAPS client request from IP address 202.54.1.0/24 network only:
iptables -A INPUT -p tcp -s 202.54.1.0/24 –sport 1024:65535 -d 202.54.1.20 –dport 636 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 –sport 636 -d 202.54.1.0/24 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
1 comment… add one
  • Anonymous Aug 4, 2005 @ 18:47

    gr8 was looking for stateful rule

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.