  1. #1
    Just Joined! Join Date: Nov 2010. Posts: 1

    How to properly define iptables to accept traffic only from specified hosts?

    Hi,

    I have a log monitoring application that is listening on port 514 to receive events only from certain hosts. In order to control this, I've tried to set up iptables to define those hosts that are allowed to reach this application. Here is an example of the script that contains the commands:

    iptables.sh ->
    Code:
    iptables -I INPUT -p tcp -s 192.168.0.10/24 --dport 514 -j ACCEPT
    iptables -I INPUT -p tcp -s 192.168.0.15/24 --dport 514 -j ACCEPT
    ...
    service iptables save
    service iptables restart
    service iptables status ->
    Code:
    1    ACCEPT     tcp  --  192.168.0.10         0.0.0.0/0           tcp dpt:514
    2   ACCEPT     tcp  --  192.168.0.15       0.0.0.0/0           tcp dpt:514
    Seems ok but my application has been receiving data from another additional host that is not specified in the rules.

    Is there anything wrong with the command or something I've missed?

  2. #2
    RDU
    Just Joined! Join Date: Aug 2010. Posts: 89
    The default policy is to accept anything, so your rules accept the allowed traffic and the default policy accepts anything else.
    You should either change the default policy to drop (but doing this, you also need to add other accept rules to allow other types of traffic, e.g. ssh, ...) or, easier, you simply add AFTER your ACCEPT rules this one (drop without source address selection):
    # -A appends, so the DROP is evaluated after the ACCEPT rules (-I would insert it before them)
    iptables -A INPUT -p tcp --dport 514 -j DROP
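
Added example (not part of the thread or either poster's code): a simplified Python model of first-match rule evaluation in the INPUT chain, covering only source address and destination port. It replays the rules from the thread to show the effect of the default ACCEPT policy, of `-I` versus `-A` for the DROP rule, and of the `/24` suffix, which makes a rule match the whole 192.168.0.0/24 network; the probe addresses and helper names are constructed for illustration.

```python
import ipaddress

def parse_rule(cmd):
    """Pull the option/value pairs this model understands out of one iptables command."""
    tok = cmd.split()
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    # strict=False masks the host bits, as iptables does: 192.168.0.10/24 -> 192.168.0.0/24
    src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
    return {"insert": "-I" in opt, "src": src,
            "dport": int(opt["--dport"]), "target": opt["-j"]}

def build_chain(commands):
    """Apply the commands in order, the way running the script would."""
    chain = []
    for cmd in commands:
        rule = parse_rule(cmd)
        if rule.pop("insert"):
            chain.insert(0, rule)   # -I without an index: new rule goes to the top
        else:
            chain.append(rule)      # -A: new rule goes to the bottom
    return chain

def verdict(chain, src_ip, dport, policy="ACCEPT"):
    """First matching rule decides; if none matches, the chain policy does."""
    ip = ipaddress.ip_address(src_ip)
    for rule in chain:
        if ip in rule["src"] and dport == rule["dport"]:
            return rule["target"]
    return policy

ALLOW_24 = ["iptables -I INPUT -p tcp -s 192.168.0.10/24 --dport 514 -j ACCEPT",
            "iptables -I INPUT -p tcp -s 192.168.0.15/24 --dport 514 -j ACCEPT"]
ALLOW_HOST = [c.replace("/24", "") for c in ALLOW_24]   # constructed variant: exact hosts
DROP_I = "iptables -I INPUT -p tcp --dport 514 -j DROP"
DROP_A = "iptables -A INPUT -p tcp --dport 514 -j DROP"
PROBES = ["192.168.0.10", "192.168.0.99", "10.1.2.3"]   # constructed source addresses

def scenarios():
    """Verdict for each probe on tcp/514 under each rule set (policy ACCEPT)."""
    sets = {"allow only": ALLOW_HOST,
            "allow, then -I DROP": ALLOW_HOST + [DROP_I],
            "allow, then -A DROP": ALLOW_HOST + [DROP_A],
            "/24 allow, then -A DROP": ALLOW_24 + [DROP_A]}
    return {name: [verdict(build_chain(cmds), p, 514) for p in PROBES]
            for name, cmds in sets.items()}

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26s}", dict(zip(PROBES, result)))
```

Only the "allow, then -A DROP" set with exact host addresses admits 192.168.0.10 and rejects both other probes.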
