IPTables rules for FreeRADIUS

Assuming the INPUT chain's default policy is DROP, here are example IPTables rules that open the FreeRADIUS ports (UDP 1812 for authentication and UDP 1813 for accounting):

iptables -A INPUT -p udp --dport 1812 -j ACCEPT
iptables -A INPUT -p udp --dport 1813 -j ACCEPT

To allow access only from a specific network or IP address, for example 192.168.5.5:

iptables -A INPUT -p udp -s 192.168.5.5/32 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5/32 --dport 1813 -j ACCEPT

If the INPUT chain's default policy is ACCEPT, first allow the necessary networks and then block everyone else. Because iptables evaluates rules in order and -A appends to the end of the chain, the ACCEPT rules must be added before the DROP rules, for example:

iptables -A INPUT -p udp -s 127.0.0.1 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 127.0.0.1 --dport 1813 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5 --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.5.5 --dport 1813 -j ACCEPT
iptables -A INPUT -p udp --dport 1812 -j DROP
iptables -A INPUT -p udp --dport 1813 -j DROP

If you later need to add more addresses to the list, either delete the DROP rules, add the new networks, and append the DROP rules again last, or insert the new ACCEPT rules above the DROP rules with -I INPUT <position> (rule positions are shown by iptables -L INPUT -n --line-numbers). An ACCEPT appended after the DROP rules is never reached.

To remove a rule, replace -A with -D, keeping the rest of the rule specification exactly as it was added, for example:

iptables -D INPUT -p udp --dport 1812 -j ACCEPT
iptables -D INPUT -p udp --dport 1813 -j ACCEPT

If FreeRADIUS sends CoA (Change of Authorization) or PoD (Packet of Disconnect) requests to network devices, then on those devices the CoA port, UDP 3799, must be open to the FreeRADIUS server (192.168.5.25 in this example):

iptables -A INPUT -s 192.168.5.25/32 -p udp --dport 3799 -j ACCEPT
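The following POSIX shell script is an added example, not code from the original post, that puts the rules above together: it generates the ACCEPT rules for a list of permitted RADIUS clients, always emits the catch-all DROP rules last (so the ordering problem described for a default-ACCEPT chain cannot occur), emits the CoA/PoD rule for the device side, and applies rules only when an identical rule is not already in the chain. The addresses 127.0.0.1, 192.168.5.5/32 and 192.168.5.25 are placeholders taken from the examples above; the RADIUS_PORTS variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): generate and apply FreeRADIUS
# INPUT rules with the ACCEPTs first and the catch-all DROPs last.
# Addresses used at the bottom are constructed placeholders.

RADIUS_PORTS="1812 1813"   # UDP: authentication (1812) and accounting (1813)

# Print the rule specifications (everything after "iptables -A INPUT") for the
# RADIUS server. Arguments: source addresses/networks allowed to reach RADIUS.
# ACCEPT rules for every client come first; the DROP rules are always last, so
# adding a client later never lands an ACCEPT behind a DROP.
radius_rule_specs() {
    for src in "$@"; do
        for port in $RADIUS_PORTS; do
            echo "-p udp -s $src --dport $port -j ACCEPT"
        done
    done
    for port in $RADIUS_PORTS; do
        echo "-p udp --dport $port -j DROP"
    done
}

# Rule for the NAS/device side: accept CoA-Request and Disconnect-Request
# (UDP 3799) only from the RADIUS server given as the first argument.
coa_rule_spec() {
    echo "-p udp -s $1 --dport 3799 -j ACCEPT"
}

# Append a rule only if an identical one is not already present:
# "iptables -C" returns 0 when the rule exists, so re-running the script
# does not create duplicates. Requires root and a real iptables.
apply_rule_spec() {
    # shellcheck disable=SC2086  # word splitting of $1 is intended
    iptables -C INPUT $1 2>/dev/null || iptables -A INPUT $1
}

# Usage:
#   sh radius-fw.sh show  127.0.0.1 192.168.5.5/32   # print the commands
#   sh radius-fw.sh apply 127.0.0.1 192.168.5.5/32   # apply them (as root)
#   sh radius-fw.sh coa   192.168.5.25               # on a NAS: allow CoA/PoD
case "${1:-}" in
    show)  shift; radius_rule_specs "$@" | sed 's/^/iptables -A INPUT /' ;;
    apply) shift; radius_rule_specs "$@" | while IFS= read -r spec; do apply_rule_spec "$spec"; done ;;
    coa)   shift; apply_rule_spec "$(coa_rule_spec "$1")" ;;
esac
```

Because the DROP rules are regenerated by the script rather than typed by hand, adding a client is a matter of re-running it with the longer client list; the -C check keeps the existing rules untouched and only the new ACCEPT is appended, which then sits after the existing DROPs and must be moved above them (or the DROPs removed with -D and re-added) for it to take effect. A simpler approach on a default-ACCEPT chain is to delete the two DROP rules first, run the script, and let it append them again last.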

See also my article:
Configure IPTables
