IPTables rules for Accel-ppp

In this article I will give an example of IPTables rules for Accel-ppp.

Suppose the default “iptables -P INPUT ACCEPT” for all connections (and if DROP, which is very desirable, then we do not use all the DROP rules below, we only execute ACCEPT):

We allow access to DHCP only local networks:

/sbin/iptables -A INPUT -s -p udp --dport 67 -j ACCEPT
/sbin/iptables -A INPUT -s -p udp --dport 67 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 67 -j DROP

Let access to accel-cmd only billing:

/sbin/iptables -A INPUT -s -p tcp --dport 2001 -j ACCEPT
/sbin/iptables -A INPUT -s -p udp --dport 2001 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2001 -j DROP
/sbin/iptables -A INPUT -p udp --dport 2001 -j DROP

Let accel-ppp accept CoA / PoD only from billing:

/sbin/iptables -A INPUT -s -p tcp --dport 3799 -j ACCEPT
/sbin/iptables -A INPUT -s -p udp --dport 3799 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3799 -j DROP
/sbin/iptables -A INPUT -p udp --dport 3799 -j DROP

See also my other Accel-ppp articles

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply