IPTables rules for Accel-ppp

In this article I will give an example of IPTables rules for Accel-ppp.

Assume the default policy is “iptables -P INPUT ACCEPT” for all connections. (If the policy is DROP, which is very desirable, skip all the DROP rules below and add only the ACCEPT rules.)

Allow access to DHCP only from local networks:

/sbin/iptables -A INPUT -s 10.0.0.0/8 -p udp --dport 67 -j ACCEPT
/sbin/iptables -A INPUT -s 172.16.0.0/12 -p udp --dport 67 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 67 -j DROP

Allow access to accel-cmd only from billing and from the server on which accel-cmd is running:

/sbin/iptables -A INPUT -s 192.168.2.2/32 -p tcp --dport 2001 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.2.1/32 -p tcp --dport 2001 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2001 -j DROP

Let accel-ppp accept CoA / PoD only from billing:

/sbin/iptables -A INPUT -s 192.168.2.2/32 -p tcp --dport 3799 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.2.2/32 -p udp --dport 3799 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3799 -j DROP
/sbin/iptables -A INPUT -p udp --dport 3799 -j DROP
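Since "-A" appends to the chain, these rules only restrict a port if no earlier, broader ACCEPT matches first, and without the DROP rules the result depends on the chain policy. The script below is an added example, not part of the original article: it reads "iptables -S INPUT" output and reports, for one protocol and port, whether access ends up restricted to the listed sources or left open. The helper name audit_port and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit `iptables -S INPUT` output.
# Only -s, -p, --dport and -j are interpreted; a rule with other match
# options is treated as matching all traffic (conservative assumption).

# Constructed sample: DHCP and accel-cmd rules from above, policy ACCEPT.
SAMPLE_ACCEPT='-P INPUT ACCEPT
-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -s 172.16.0.0/12 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j DROP
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 2001 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 2001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2001 -j DROP'

# Constructed sample: policy DROP, so only the ACCEPT rule is loaded.
SAMPLE_DROP='-P INPUT DROP
-A INPUT -s 192.168.2.2/32 -p udp -m udp --dport 3799 -j ACCEPT'

# audit_port <proto> <port>: rules on stdin; prints "restricted <sources>" or "open".
audit_port() {
    awk -v proto="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = p = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-p") p = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # Skip rules for another protocol or port, and non-terminal targets.
        if ((p != "" && p != proto) || (dport != "" && dport != port)) next
        if (target != "ACCEPT" && target != "DROP") next
        if (src != "") {            # source-restricted rule
            if (target == "ACCEPT") allowed = allowed " " src
            next
        }
        verdict = target            # first unrestricted rule decides the rest
        exit
    }
    END {
        if (verdict == "") verdict = policy   # fell through to chain policy
        if (verdict == "DROP") { print "restricted" allowed } else { print "open" }
    }'
}

printf '%s\n' "$SAMPLE_ACCEPT" | audit_port tcp 2001
printf '%s\n' "$SAMPLE_DROP" | audit_port udp 3799
```

On a live server, feed it the real chain with "iptables -S INPUT | audit_port udp 3799"; an "open" result means either a DROP rule is missing under an ACCEPT policy or an earlier rule shadows the restriction.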

See also my other Accel-ppp articles
