只向一个外部IP地址打开端口

Question

我在某个开放端口上遇到了不必要的流量问题，并且希望锁定开放端口，因此它只允许来自一个外部IP地址的传入流量。我有谷歌，似乎找不到解决方案，只提到使用iptable (我没有经验)。

正在使用的路由器是Draytek Vigor2950。

提前谢谢。

Answer 1

我相信我自己已经找到了答案。如果它对其他人有帮助，我找到的解决方案是：http://forums.whirlpool.net.au/archive/1368080

Yes, but it can't be done only by port forward, firewall is also needed.
Steps are as below:
1. Open http port for internal 192.168.1.2(your internal server)
2. Setup two firewall filter rule.
Filter Set 2 Rule 2(first data filter rule)
Direction: WAN -> LAN
Source IP: Any
Destination IP: 192.168.1.2
Service Type: http
Filter: Block if no further match

Filter Set 2 Rule 3
Direction: WAN -> LAN
Source IP: 202.202.202.202
Destination IP: 192.168.1.2
Service Type: http
Filter: Pass immediately

Then only 202.202.202.202 is allowed to access internal server.