--- Mark Maas <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm trying to restrict access to my ssh server from the outside to
> allow only two IP addresses and the internal lan of course.
> And deny access to everyone else.
>
> People are trying the guess a username and password tactic a little
> too much to my liking...
>
> Do I use hosts.deny, hosts.allow for this? If so, which one takes
> precedence?
>
> Thanks,
> Mark

I think this will be achieved much better with a couple of rules with iptables:

# iptables -A INPUT -p tcp -s [valid ip1] -d [external ip] --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp -s [valid ip2] -d [external ip] --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp -s [internal net] -d [internal ip] --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp -s 0.0.0.0/0 -d [external ip] --dport 22 -j REJECT

In this case the valid ip must be in the format 192.168.0.1/32, for example, and for your internal network: 192.168.0.0/28 or whatever mask you use.

Also you can do a bash script to run at boot time in order to get this automatic and restrict other services too.

I hope this helps.

Regards

--
Sergio Basurto J.

If I have seen further it is by standing on the shoulders of giants.
(Isaac Newton)
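
Added example (not part of the original message): a boot-time script of the kind the reply mentions. It validates every source address before printing the four rules in evaluation order, ACCEPTs first and the REJECT last. The addresses are constructed sample values, and the names valid_cidr and ssh_rules are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Addresses are constructed
# sample values (documentation ranges); replace them with your own.
EXT_IP="203.0.113.10"       # external address of the SSH server (sample)
INT_IP="192.168.0.1"        # internal address of the SSH server (sample)
INT_NET="192.168.0.0/28"    # internal LAN, mask as in the reply's example
ALLOWED="198.51.100.7/32 198.51.100.8/32"   # the two outside hosts (sample)

# Succeed only for a well-formed IPv4 source in a.b.c.d/len form.
# Runs in a subshell so the IFS and "set --" changes stay local.
valid_cidr() (
    case $1 in
        */*/*|*[!0-9./]*) return 1 ;;   # second slash or a stray character
        ?*/?*) ;;                       # address and prefix both present
        *) return 1 ;;
    esac
    ip=${1%/*}; len=${1#*/}
    case $len in *.*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    IFS=.; set -- $ip
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
)

# Print the rules in evaluation order: every ACCEPT first, the REJECT last.
# All sources are validated before anything is printed, so a typo never
# produces a partial rule set.
ssh_rules() {
    for src in $ALLOWED $INT_NET; do
        valid_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in $ALLOWED; do
        echo "iptables -A INPUT -p tcp -s $src -d $EXT_IP --dport 22 -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -s $INT_NET -d $INT_IP --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s 0.0.0.0/0 -d $EXT_IP --dport 22 -j REJECT"
}

# Dry run by default (prints the commands); APPLY=1 as root loads them.
if [ "${APPLY:-0}" = 1 ]; then ssh_rules | sh; else ssh_rules; fi
```

Because the rules are appended with -A, any earlier INPUT rule that already accepts port 22 is matched first; check the existing chain with iptables -L INPUT -n --line-numbers before relying on the REJECT.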