Assuming the default policy of the INPUT chain is DROP, here are example iptables rules for FreeRADIUS:
iptables -A INPUT -p udp --dport 1812 -j ACCEPT
iptables -A INPUT -p udp --dport 1813 -j ACCEPT
To open access only to a specific network or IP address, for example, 192.168.5.5:
iptables -A INPUT -p udp -s 192.168.5.5/32 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5/32 --dport 1813 -j ACCEPT
If the default policy of the INPUT chain is ACCEPT, first allow the necessary networks and then block all others, for example:
iptables -A INPUT -p udp -s 127.0.0.1 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 127.0.0.1 --dport 1813 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5 --dport 1813 -j ACCEPT
iptables -A INPUT -p udp --dport 1812 -j DROP
iptables -A INPUT -p udp --dport 1813 -j DROP
If you need to add more addresses to the list, delete the DROP rules, add the necessary networks, and then add the DROP rules again so that they come last.
To remove a rule, replace -A with -D, for example:
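The ordering requirement above is easy to break by appending a new client with -A after the DROP rules. As an added example (not part of the original article), this shell function reads `iptables -S INPUT` output and reports ACCEPT rules for ports 1812/1813 that sit after the blanket DROP for the same port; the function names and the 192.168.5.6 client in the sample are constructed for illustration, and only single-port rules like those on this page are handled.

```shell
# Added example, not from the original article.
# Usage on a live host: iptables -S INPUT | check_radius_order
# Assumption: single-port rules as on this page (no multiport, no ranges).
check_radius_order() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        n++    # rule position, same numbering as iptables -L --line-numbers
        port = ""; target = ""; src = ""; proto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
        }
        if (proto != "udp" || (port != "1812" && port != "1813")) next
        if (target == "DROP" && src == "") {
            if (!(port in dropped)) dropped[port] = n   # first blanket DROP
        } else if (target == "ACCEPT" && (port in dropped)) {
            printf "rule %d shadowed by DROP at rule %d: %s\n", n, dropped[port], $0
            bad = 1
        }
    }
    END { exit bad + 0 }   # non-zero exit status when a shadowed rule exists
    '
}

# Constructed sample: correct order, ACCEPT rules before the DROP rule.
sample_ok() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -s 192.168.5.5/32 -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1812 -j DROP
EOF
}

# Constructed sample: 192.168.5.6 was appended with -A after the DROP rules.
sample_shadowed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.5.5/32 -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -s 192.168.5.5/32 -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -p udp -m udp --dport 1812 -j DROP
-A INPUT -p udp -m udp --dport 1813 -j DROP
-A INPUT -s 192.168.5.6/32 -p udp -m udp --dport 1812 -j ACCEPT
EOF
}

sample_shadowed | check_radius_order || echo "reorder: DROP rules must come last"
```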
iptables -D INPUT -p udp --dport 1812 -j ACCEPT
iptables -D INPUT -p udp --dport 1813 -j ACCEPT
If FreeRADIUS sends CoA/PoD requests to devices, then a port must be opened for FreeRADIUS on those devices:
iptables -A INPUT -s 192.168.5.25/32 -p udp --dport 3799 -j ACCEPT
See also my article:
Configure IPTables