On Sun, Sep 02, 2001 at 10:10:25AM -0700, Mike Egglestone wrote:
> Hi all,
>
> What would be a good ipchains command to block all tcp traffic
> to and from a box except "ssh"?
> I have a box that will only be running rsync thru ssh.
>
> This is what I tried, but I don't think it worked.
>
> ipchains -I input -p tcp -s 0/0 -d 0/0 ! ssh -j DENY

Personally, I start by blocking everything, and then open up what I need.

$ipchains -P input DENY
# Allow incoming SSH on external interface.
$ipchains -A input -p tcp -d $ipexternal/32 22 -i eth0 -j ACCEPT
$ipchains -A input -p udp -d $ipexternal/32 22 -i eth0 -j ACCEPT

Mike
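
The default-deny approach from the reply, written out as an added example (not part of the original message) that also covers the case where this host is the one opening the SSH session for rsync. The function name `ssh_only_firewall`, the `IPCHAINS` variable and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny input chain that lets SSH work in both directions.
# Dry run by default (prints the commands); set IPCHAINS=/sbin/ipchains to apply.
# Usage: sh ssh-only.sh 192.0.2.10 eth0     (192.0.2.10 is a constructed address)
IPCHAINS="${IPCHAINS:-echo ipchains}"

# ssh_only_firewall EXTERNAL_IP INTERFACE   (hypothetical helper)
ssh_only_firewall() {
    ip="$1"; ifc="$2"
    [ -n "$ip" ] && [ -n "$ifc" ] || {
        echo "usage: ssh_only_firewall IP IFACE" >&2
        return 2
    }

    $IPCHAINS -F input                  # start from an empty chain
    $IPCHAINS -P input DENY             # anything not matched below is dropped
    $IPCHAINS -A input -i lo -j ACCEPT  # local processes talking over loopback

    # Inbound SSH sessions to this host (sshd listens on TCP only).
    $IPCHAINS -A input -i "$ifc" -p tcp -d "$ip/32" 22 -j ACCEPT

    # Replies to SSH sessions this host opens (rsync over ssh as a client).
    # ipchains keeps no connection state, so match source port 22 and
    # "! -y" (not a connection-opening SYN) so the rule cannot admit
    # new inbound connections to high ports.
    $IPCHAINS -A input -i "$ifc" -p tcp ! -y -s 0/0 22 \
        -d "$ip/32" 1024:65535 -j ACCEPT

    # Log whatever reaches the end of the chain, then deny it.
    $IPCHAINS -A input -l -j DENY
}

# Only act when called with both arguments.
if [ "$#" -eq 2 ]; then
    ssh_only_firewall "$1" "$2"
fi
```

With the input policy set to DENY, DNS replies and ICMP are dropped too, so peers have to be addressed by IP unless rules for those are added.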