IPTables rules for Zabbix

Suppose the server's default INPUT policy is DROP. Here is an example rule for the Zabbix agent:

iptables -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT

And an example rule for the Zabbix server:

iptables -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT

If you need to open access only to a specific IP address or network, for example 192.168.5.0/24, then:

iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT

If the default INPUT policy is ACCEPT, you can first accept the necessary networks and then block all others, for example:

iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10050 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 10051 -j DROP

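If you need to add more addresses to the list, remove the DROP rules, add the necessary networks, and then add the DROP rules again last. Rules are checked in order and -A appends to the end of the chain, so an ACCEPT rule appended after the DROP rules would never be reached.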
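An alternative to removing and re-adding the DROP rules, as an added example that is not from the original article: with a default ACCEPT policy the Zabbix ports are open to every source while the DROP rules are absent, so this script uses iptables -I to insert the new ACCEPT rules ahead of the existing DROP rules instead. The function names, the 10.10.0.0/16 network and the sample ruleset are constructed for illustration; the script only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.
ZBX_PORTS="10050 10051"

# Read `iptables -S INPUT` output on stdin and print the rule number of the
# first DROP rule for port $1 (nothing if there is none). The -P policy line
# is not a rule, so only -A lines are counted.
first_drop_pos() {
    n=0
    while IFS= read -r line; do
        case $line in
            "-A INPUT "*) n=$((n + 1)) ;;
            *) continue ;;
        esac
        case $line in
            *"--dport $1 "*"-j DROP") echo "$n"; return 0 ;;
        esac
    done
    return 0
}

# Read `iptables -S INPUT` output on stdin and print the commands that let
# network $1 reach the Zabbix ports. With a DROP rule present the ACCEPT is
# inserted at the DROP's rule number, so it lands ahead of the DROP; an
# earlier insert can only push that DROP further down, so the number stays
# valid. Without a DROP rule (default policy DROP) the rule is appended.
zbx_allow_cmds() {
    rules=$(cat)
    for port in $ZBX_PORTS; do
        pos=$(printf '%s\n' "$rules" | first_drop_pos "$port")
        spec="-s $1 -p tcp -m tcp --dport $port -j ACCEPT"
        if [ -n "$pos" ]; then
            echo "iptables -I INPUT $pos $spec"
        else
            echo "iptables -A INPUT $spec"
        fi
    done
}

# Constructed sample: the default-ACCEPT ruleset from above, as -S prints it.
SAMPLE='-P INPUT ACCEPT
-A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j DROP
-A INPUT -p tcp -m tcp --dport 10051 -j DROP'

printf '%s\n' "$SAMPLE" | zbx_allow_cmds 10.10.0.0/16
```

On a real server, pipe the output of iptables -S INPUT into zbx_allow_cmds and review the printed commands before running them.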

To remove a rule, replace -A with -D, for example:

iptables -D INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
iptables -D INPUT -p tcp -m tcp --dport 10051 -j ACCEPT

See also my article:
IPTables setup
