views:

69

answers:

2

I have one server running memcached and another server that should be able to connect to the memcached server.

memcached is set up to listen on 0.0.0.0:5666

This allows anyone to connect to it, so I want to block port 5666 for everyone except the other server. I thought this would do it:

iptables -A INPUT -p tcp --dport 5666 -j REJECT
iptables -A INPUT -p tcp -s 79.xxx.xxx.xxx --dport 5666 -j ACCEPT

But it did not. Now I cannot connect at all from the other server; before, it worked fine.

+2  A: 

iptables rules are evaluated in the order that they're given. Just switch the order of those two lines.

Brian
+1  A: 

You need the ACCEPT condition before the REJECT condition. By putting the REJECT first, it rejects your valid IP and then stops, and your second rule is never seen.

Cfreak
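As an added illustration (not from the question or either answer), a small Python model of how iptables walks the INPUT chain top to bottom and stops at the first match, run over both orderings of the asker's two rules. The trusted address 79.0.2.10 is a constructed stand-in for the redacted 79.xxx.xxx.xxx.

```python
# Added example: models iptables first-match evaluation to show why the
# asker's rule order rejects the trusted server and the answers' order works.
from dataclasses import dataclass
from typing import List, Optional

TRUSTED_SERVER = "79.0.2.10"   # constructed stand-in for 79.xxx.xxx.xxx
MEMCACHED_PORT = 5666


@dataclass(frozen=True)
class Rule:
    """One `iptables -A INPUT -p tcp [-s SRC] --dport PORT -j TARGET` rule."""
    dport: int
    target: str                    # "ACCEPT" or "REJECT"
    source: Optional[str] = None   # None means no -s given: any source matches

    def matches(self, src: str, dport: int) -> bool:
        return dport == self.dport and (self.source is None or self.source == src)


def evaluate(chain: List[Rule], src: str, dport: int, policy: str = "ACCEPT") -> str:
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(src, dport):
            return rule.target      # iptables stops here; later rules are never seen
    return policy


# The asker's order: the unconditional REJECT shadows the ACCEPT after it.
BROKEN_CHAIN = [
    Rule(MEMCACHED_PORT, "REJECT"),
    Rule(MEMCACHED_PORT, "ACCEPT", source=TRUSTED_SERVER),
]

# The order both answers recommend: specific ACCEPT first, catch-all REJECT last.
FIXED_CHAIN = [
    Rule(MEMCACHED_PORT, "ACCEPT", source=TRUSTED_SERVER),
    Rule(MEMCACHED_PORT, "REJECT"),
]


def as_iptables(chain: List[Rule]) -> List[str]:
    """Render a chain as the iptables commands that would create it, in order."""
    lines = []
    for r in chain:
        src = f" -s {r.source}" if r.source else ""
        lines.append(f"iptables -A INPUT -p tcp{src} --dport {r.dport} -j {r.target}")
    return lines


if __name__ == "__main__":
    for name, chain in (("broken", BROKEN_CHAIN), ("fixed", FIXED_CHAIN)):
        print(name, "trusted:", evaluate(chain, TRUSTED_SERVER, MEMCACHED_PORT),
              "other:", evaluate(chain, "198.51.100.7", MEMCACHED_PORT))
```

On a real host, `iptables -L INPUT -n --line-numbers` shows the order the kernel will use, and `iptables -I INPUT 1 ...` inserts a rule at the top instead of appending it.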