Add firewall rule to allow remote connection from a specific IP

by priyanka

Posted on November 23, 2017 10:00 AM

As tech people, we are often required to give our clients access to a server, or they want us to give limited access to other people, say database-only access for their data guy. This is usually smooth with server management tools like Plesk or cPanel. Sometimes, though, depending on the server, strict firewall rules prevent any kind of access or stop most IPs from connecting to the server remotely.

While working for one of my clients, I came across a situation where I had to allow a connection from an IP on a specific port and grant "SELECT ALL" access on a database hosted on a server that had very strict firewall rules, and so many of them that I couldn't even go through them manually. Anyone technical might say you could just add an iptables rule and that should do it? Well, that's the catch here! Yes, in an ideal scenario where a server isn't running this many IP rules, your new rule might just work straight away. And you obviously don't want to add a rule that bypasses the existing rules, nullifying their effect. This could be a security breach! So I wanted to be able to add a new IP rule that takes effect while leaving the existing ones as they are.

So after a deep drill-down I found the solution that did not require me to restart the server. Usually, when you have full server control, especially when you provide your own hosting, restarting a server is a piece of cake, but only after you've gone through the services that are running and made sure it's not in the middle of taking backups or running heavy-duty transactions, which could get lost if you restart it. Otherwise it's absolutely fine to do that.

The following solution allows you to add an IP rule that jumps to the top of the queue leaving other rules intact and takes effect immediately.
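One way to do this with iptables, shown as an added example that is not the author's own code: validate the inputs, then insert the rule at position 1 of the chain instead of appending it. The INPUT chain, TCP, the helper function names, the `APPLY` switch and the sample address and port are assumptions made for illustration.

```sh
# Added example (not from the original post). Assumptions: chain INPUT, TCP,
# and the constructed sample values 203.0.113.10 (documentation address) and
# 3306 (MySQL's default port).

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeed only for a port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables arguments that allow one source IP to reach one TCP port.
# "-I INPUT 1" inserts at position 1, ahead of every existing rule; "-A" would
# append after them, where an earlier DROP or REJECT would match first.
# Matching on both -s and --dport keeps the exception narrow, so the existing
# rules still decide all other traffic.
allow_rule_args() {
    valid_ipv4 "$1" || { echo "invalid source IP: $1" >&2; return 1; }
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    echo "-I INPUT 1 -p tcp -s $1 --dport $2 -j ACCEPT"
}

# Dry run by default: print the command. With APPLY=1 (run as root) insert the
# rule, then list the chain with rule numbers to confirm it is number 1.
add_allow_rule() {
    args=$(allow_rule_args "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        iptables $args && iptables -L INPUT -n --line-numbers
    else
        echo "iptables $args"
    fi
}

add_allow_rule 203.0.113.10 3306
```

A rule inserted this way exists only in the running kernel tables, so it disappears at the next reboot unless the ruleset is saved with the distribution's persistence mechanism.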

I really hope this helps fellow tech folks and saves them time browsing through various solutions. Cheers!