iptables problem

August 6th, 2016

Hello,
I am currently working for a company and have been assigned a task to create a monitoring server on a Linux machine (CentOS 5.2) using splunkd. I have created the monitoring server and it is working fine. The issue is that I just want my server to be accessed only through my 3 IP addresses at port 8000; for this I am using iptables but am unable to figure out how to do this. Can anybody help me? The current config of my iptables file is:
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
——————————————————————————————
The server address is 172.16.100.187:8000, and the IP addresses which I want to allow are 10.10.1.21, 10.10.1.22 and 10.10.1.23 (only these 3 addresses may access the server at HTTP port 8000). All the rest of the traffic should be blocked. Can anybody tell me the exact configuration of iptables for this scenario?
Regards,
Tauseef Khan

Answer #1
Specify the range of IPs, i.e. ! 10.10.1.21-10.10.1.23 --dport 8000 -j DROP
Answer #2
The allowed IPs are only 3. A network prefix /30 cannot be used, imo. Let's say you use 10.10.1.20/30; the usable host IPs would be 10.10.1.21~10.10.1.22. Not sure, but if this is allowed, you can use that. But bear in mind, it will allow 10.10.1.20 also since the range is .20~.23. .20 will be the network address while .23 will be the broadcast address. (netmask: 255.255.255.252 / wildcard: 0.0.0.3)
If you want to use the above solution, this should be done at your end.
I believe you want to implement the iptables config at this address, 172.16.100.187 .. am I right?
Here it is:
iptables -I RH-Firewall-1-INPUT -s 10.10.1.20/30 -p tcp --dport 8000 -j ACCEPT
As mentioned by , I think you can use this one also:
iptables -I RH-Firewall-1-INPUT -s 10.10.1.21-10.10.1.23 -p tcp --dport 8000 -j ACCEPT
Hopefully the above command is correct? You might also want to try this:
iptables -I RH-Firewall-1-INPUT -m iprange --src-range 10.10.1.21-10.10.1.23 -p tcp --dport 8000 -j ACCEPT
Hopefully this will help? Let's wait for another Linux GURU to reply.
Sorry, I'm a noob.
If you tried, please let us know if it is successful or not. I'm not giving it a try yet *lazy tbh*.
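Added example, not from the thread or either answer: a small script that generates the rules for the question's scenario (only 10.10.1.21, .22 and .23 reach TCP/8000, everything else to that port is logged and dropped) and that checks how many addresses the /30 shorthand from Answer #2 actually admits. The chain name, port and addresses are from the question; the log prefix is a constructed value.

```shell
#!/bin/sh
# Added example (not from the thread). Builds iptables-restore style rules
# that admit TCP/8000 only from the three addresses in the question and
# shows how many hosts a /30 shorthand (Answer #2) would actually admit.

ALLOWED="10.10.1.21 10.10.1.22 10.10.1.23"   # source addresses from the question
SPLUNK_PORT=8000

# Rules for the RH-Firewall-1-INPUT chain. They must replace the original
# unrestricted "--dport 8000 -j ACCEPT" line, which admits every source,
# and sit before the chain's final REJECT.
gen_rules() {
    for ip in $ALLOWED; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $ip -p tcp -m tcp --dport $SPLUNK_PORT -m state --state NEW -j ACCEPT"
    done
    # Log-then-drop everything else aimed at the port so denied attempts
    # are visible in syslog; the log prefix is a constructed value.
    printf '%s\n' "-A RH-Firewall-1-INPUT -p tcp -m tcp --dport $SPLUNK_PORT -j LOG --log-prefix \"splunk-8000-denied: \""
    printf '%s\n' "-A RH-Firewall-1-INPUT -p tcp -m tcp --dport $SPLUNK_PORT -j DROP"
}

# Dotted quad -> integer (positional parameters are local to the function).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# cidr_matches CIDR IP: succeeds when IP falls inside CIDR. iptables -s
# compares addresses this way; it has no notion of network or broadcast.
cidr_matches() {
    net=${1%/*}; bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Count how many of 10.10.1.20-.23 a given CIDR would let through.
count_matches() {
    n=0
    for h in 20 21 22 23; do
        if cidr_matches "$1" "10.10.1.$h"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Stand-alone run: print the rules, then the /30 over-match.
gen_rules
echo "hosts admitted by 10.10.1.20/30: $(count_matches 10.10.1.20/30)"   # 4, not 3
```

Load the generated lines in place of the existing "--dport 8000 -j ACCEPT" rule (via iptables-restore or iptables -I above the final REJECT), then confirm with iptables -L RH-Firewall-1-INPUT -n -v that the per-source ACCEPT counters move only for the three hosts.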
