> how do i close port 80 to all users except for a few ips?
> the generic match
> of --dport doesn't work for me.

Why not?
Are these users on your LAN or on the internet?
Do these users have a fixed IP?

iptables -P INPUT DROP
iptables -A INPUT -s <src_ip> -p tcp --dport 80 -j ACCEPT
...
iptables -A INPUT -s <src_ip> -p tcp --dport 80 -j ACCEPT

Or maybe you can use the MAC address match.

iptables -P INPUT DROP
iptables -A INPUT -m mac --mac-source <src_mac> -p tcp --dport 80 -j ACCEPT
...
iptables -A INPUT -m mac --mac-source <src_mac> -p tcp --dport 80 -j ACCEPT

Rob
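
Added example, not part of Rob's message: a small sh script that prints (does not run) the per-source rules for a list of fixed IPs, after validating each address. It goes one step beyond the reply by putting the rules in a dedicated chain reached only for TCP port 80, so the INPUT policy and every other port stay as they are. The chain name HTTP_ALLOW and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not execute them.
CHAIN=HTTP_ALLOW   # hypothetical chain name (assumption, not from the post)

# Succeeds only for a strict dotted-quad IPv4 address with optional /0-32.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) pfx=${1#*/} ;;
        *)   pfx=32 ;;
    esac
    case $pfx in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    # Digits and dots only: blocks shell metacharacters and glob characters.
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, over-long and leading-zero octets (octal ambiguity).
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set for the given allowlist; print nothing if any entry is bad.
gen_rules() {
    [ $# -gt 0 ] || { echo "no addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"          # everyone else on port 80
    echo "iptables -I INPUT -p tcp --dport 80 -j $CHAIN"
}

# Constructed sample addresses from the documentation ranges.
gen_rules 192.0.2.10 198.51.100.0/24
```

Review the printed commands before running them as root; within the chain the first matching rule wins, so the ACCEPT lines must stay ahead of the final DROP.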