IPTables rules for Zabbix

Suppose the default policy of the INPUT chain on the server is DROP. An example of the rule for the Zabbix agent:

iptables -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT

An example of the rule for the Zabbix server:

iptables -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT

If you need to open access only to a specific IP address or network, for example 192.168.5.0/24, then:

iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT

If the default INPUT policy is ACCEPT, you can first accept the necessary networks and then block all others, for example:

iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10050 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 10051 -j DROP

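If you need to add more addresses to the list, remove the DROP rules, add the necessary networks, and then add the DROP rules again last. iptables checks rules in order and -A appends to the end of the chain, so an ACCEPT rule appended after the DROP rules would never match.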
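The ordering mistake described above can be checked for automatically. The following is an added example, not part of the original article: it reads `iptables -S INPUT` output and reports Zabbix ACCEPT rules that sit after a DROP for the same port, or that have no source restriction. The function names and the 10.0.8.0/24 network in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads `iptables -S INPUT` style lines on stdin and prints one finding per line:
#   SHADOWED <port> <rule>  ACCEPT listed after an unrestricted DROP for that port
#   OPEN <port> <rule>      ACCEPT with no -s restriction
# Handles single --dport rules like the ones in this article (no multiport, no "! -s").
audit_zabbix_rules() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        port = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (port != "10050" && port != "10051") next
        # An unrestricted DROP ends evaluation for this port: later rules never match.
        if (target == "DROP" && src == "") { dropped[port] = 1; next }
        if (target != "ACCEPT") next
        if (port in dropped) print "SHADOWED", port, $0
        else if (src == "")  print "OPEN", port, $0
    }'
}

# Constructed sample: 10.0.8.0/24 was appended with -A after the DROP rules.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j DROP
-A INPUT -p tcp -m tcp --dport 10051 -j DROP
-A INPUT -s 10.0.8.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
EOF
}

# On a real host: iptables -S INPUT | audit_zabbix_rules
sample_rules | audit_zabbix_rules
```

For the sample it prints one SHADOWED line for the 10.0.8.0/24 rule; an empty result means the allow list is ordered as intended.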

To remove a rule, replace -A with -D, for example:

iptables -D INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -D INPUT -p tcp -m tcp --dport 10051 -j ACCEPT

See also my article:
How to configure IPTables
