Re: ipchains and ssh
Quoting dman <dsh8290@rit.edu>:
> On Sun, Sep 02, 2001 at 10:10:25AM -0700, Mike Egglestone wrote:
> | Hi all,
> |
> | What would be a good ipchains command to block all tcp traffic
> | to and from a box except "ssh"?
> | I have a box that will only be running rsync thru ssh.
> |
> | This is what I tried, but I don't think it worked.
> |
> | ipchains -I input -p tcp -s 0/0 -d 0/0 ! ssh -j DENY
>
> What you need to do is specify the port to allow, somehow. ssh uses
> port 22 unless you do something strange to make it use a different
> port.
>
> With iptables I use the command:
>
> iptables -A INPUT -p tcp --dport ssh -j ACCEPT
>
> This says that in the input chain, for tcp packets, if the port number
> matches ssh in /etc/services then accept the packet regardless of IP
> addresses. Hopefully this will give you a pointer towards the
> necessary ipchains options. You may need to specify an integer rather
> than a name defined in /etc/services for ipchains, I don't know for
> sure.
>
> -D
Hi..
My ssh is running on port 22.
I figured my original ipchains command will block everything
except ssh. (thus I used the "!" with ssh)
Do you think it's best to change the state of the input chain to DENY and
then just allow ssh?
Thanks
Mike
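
The default-DENY approach asked about above, written out as an added example (not from either poster in this thread). It assumes ssh on port 22, a loopback interface named lo, and an output chain left at ACCEPT; the IPCHAINS variable and the ssh_only_input function are names made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny input chain that
# still admits ssh, for a 2.2-kernel box filtered with ipchains.
# Dry run by default: IPCHAINS expands to "echo ipchains", so the
# commands are only printed. Run as root with IPCHAINS=ipchains to apply.
IPCHAINS="${IPCHAINS:-echo ipchains}"

ssh_only_input() {
    port="${1:-22}"    # assumption: sshd listens here on both ends

    # Flush while the policy is still permissive, so a remote session
    # used to type these commands is not cut off halfway through.
    $IPCHAINS -F input

    # Local processes talking over loopback are left alone.
    $IPCHAINS -A input -i lo -j ACCEPT

    # Box as ssh server: packets addressed to our sshd port.
    $IPCHAINS -A input -p tcp -s 0/0 -d 0/0 "$port" -j ACCEPT

    # Box as ssh client (rsync pulling from elsewhere): replies come
    # from the remote sshd port. ipchains keeps no connection state,
    # so "! -y" (not a bare SYN) keeps a remote host from opening new
    # connections just by choosing source port 22.
    $IPCHAINS -A input -p tcp ! -y -s 0/0 "$port" -d 0/0 -j ACCEPT

    # Flip the policy last. Policy DENY also drops UDP and ICMP on
    # input, so DNS replies need their own ACCEPT rule if the box
    # resolves host names.
    $IPCHAINS -P input DENY
}

ssh_only_input 22
```

Setting the policy after the ACCEPT rules matters when the change is made over ssh itself: at no point is the existing session without a matching ACCEPT rule.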