If you need to block all incoming traffic except a specific range, you should first change the default policy of the INPUT chain to DROP:
iptables --policy INPUT DROP
Then give iptables a netmask so that a whole range of IP addresses is allowed as the exception. For example, if you need to allow only 74.231.64.1, 74.231.64.2, and so on up to 74.231.64.255, you can use the following command:
iptables -A INPUT -s 74.231.64.0/24 -j ACCEPT
74.231.64.0/24 tells iptables to apply the same rule to every IP address from 74.231.64.1 to 74.231.64.255. Similarly, you can widen this range by passing 74.231.0.0/16 or 74.0.0.0/8 instead.
IMPORTANT NOTE: Before applying this change, make sure you have direct access to the system rather than access over the network, because a typo may lock you out of the server.
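
A pre-flight check for the lock-out risk in the note above, as an added example that is not part of the original text: it tests whether the address you administer the server from falls inside the CIDR block you are about to allow, and only then prints the two commands. The function names and the admin address 74.231.64.17 are assumptions made for illustration; the commands are printed, not executed, and the ACCEPT rule is listed ahead of the policy change so that a remote session always has a matching rule.

```shell
#!/bin/sh
# Added example: check that your own address is inside the allowed range
# before the INPUT policy becomes DROP. Addresses below are constructed.

# Print a dotted-quad IPv4 address as a 32-bit integer; fail on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 falls inside CIDR block $2, 1 if not, 2 on bad input.
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# Print the page's two commands only if admin address $1 is covered by $2.
plan_rules() {
    if in_cidr "$1" "$2"; then
        echo "iptables -A INPUT -s $2 -j ACCEPT"
        echo "iptables --policy INPUT DROP"
    else
        echo "refusing: $1 is not inside $2; DROP would cut this session" >&2
        return 1
    fi
}

# Constructed admin address checked against the range used on this page.
plan_rules 74.231.64.17 74.231.64.0/24
```

On a real SSH session the first argument can be taken from the first field of `$SSH_CLIENT`, which OpenSSH sets to the client address.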