iptables works in such a way that the first matching rule is the one that defines what happens; further rules down the road won't be considered.
So if you have a set of trusted IP addresses, let's say the following list:
- 192.168.123.241
- 10.43.88.0/24 (range from 10.43.88.0 to 10.43.88.255)
- 172.30.0.0/16 (172.30.0.0 - 172.30.255.255)
To add them as trusted, simply add:
Code:
iptables -A INPUT -p tcp -s 192.168.123.241 -j ACCEPT
iptables -A INPUT -p tcp -s 10.43.88.0/24 -j ACCEPT
iptables -A INPUT -p tcp -s 172.30.0.0/16 -j ACCEPT
From the 6th line onward, e.g.:
Code:
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp -s 192.168.123.241 -j ACCEPT
iptables -A INPUT -p tcp -s 10.43.88.0/24 -j ACCEPT
iptables -A INPUT -p tcp -s 172.30.0.0/16 -j ACCEPT
[...]
all your other rules here
[...]
Be sure that you're not opening up too much here, but only add the individual IP addresses / *small* group of networks that you actually trust 100%.
If necessary, you can add the same rules once more, replacing "-p tcp" with "-p udp" to lift the UDP filters as well.
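As an added example (not part of the original post), here is a small POSIX shell script that generates the allow-list rules above from a list of trusted sources, for both TCP and UDP, and refuses any network wider than a chosen prefix length so that a typo like 10.0.0.0/8 does not quietly open the host to far more than intended. The prefix limit (MIN_PREFIX, assumed /16 here) and all function names are assumptions; the script only prints the iptables commands, so you can review the output before running it as root.

```shell
#!/bin/sh
# Added example, not from the original post: build the trusted-source
# ACCEPT rules described above and refuse overly wide networks.
# MIN_PREFIX and the function names are assumptions of this example.

MIN_PREFIX=${MIN_PREFIX:-16}   # anything wider than a /16 is rejected

# prefix_len ADDR -> prints the prefix length (32 for a bare host address)
prefix_len() {
    case "$1" in
        */*) printf '%s\n' "${1#*/}" ;;
        *)   printf '32\n' ;;
    esac
}

# is_small_net ADDR -> succeeds if ADDR is a host or a network no wider than /MIN_PREFIX
is_small_net() {
    len=$(prefix_len "$1")
    case "$len" in
        ''|*[!0-9]*) return 1 ;;    # not a number at all
    esac
    [ "$len" -le 32 ] && [ "$len" -ge "$MIN_PREFIX" ]
}

# trust_rules PROTO ADDR... -> one ACCEPT rule per address, in order; because the
# first match wins, these belong at the top of INPUT, before everything else
trust_rules() {
    proto=$1; shift
    for addr in "$@"; do
        if is_small_net "$addr"; then
            printf 'iptables -A INPUT -p %s -s %s -j ACCEPT\n' "$proto" "$addr"
        else
            printf 'refused: %s is wider than /%s\n' "$addr" "$MIN_PREFIX" >&2
            return 1
        fi
    done
}

# ruleset ADDR... -> the full script from the post: reset, default policies,
# then the trusted sources for tcp and udp; stops on the first refused entry
ruleset() {
    printf '%s\n' 'iptables -F' 'iptables -X' \
        'iptables -P INPUT ACCEPT' 'iptables -P OUTPUT ACCEPT' 'iptables -P FORWARD ACCEPT'
    trust_rules tcp "$@" && trust_rules udp "$@"
}

# Sample run with the constructed addresses from the post; redirect the output
# to a file and inspect it before applying it.
ruleset 192.168.123.241 10.43.88.0/24 172.30.0.0/16
```

The generated script is meant to be reviewed, not piped straight into a root shell: the point of the prefix check is to make an over-broad entry fail loudly instead of landing silently at the top of the INPUT chain where it matches before every other rule.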
HLSW (at least in the past) is tied to the IP address of your own personal internet connection - the IP address you are browsing from, which is typically very dynamic. In many cases today, ISPs run multiple customers behind one address using Carrier Grade NAT.
As such, opening up 100% for the IP you're on yourself might also open up for your neighbours and others on the same ISP, and may cause much more harm than good. So I wouldn't really suggest opening up for normal residential connections.
Only do such white-listing with caution.