Re: SSH & iptables

2009-05-26 Thread Eric Gerlach
I would recommend using firehol for something like this. The following /etc/firehol/firehol.conf would do the trick:

    interface any world
        server ssh accept
        client all accept

In fact, I think that's close to the default conf file. You should read the docs, though, you don't want t

Re: SSH & iptables

2009-05-25 Thread Todd A. Jacobs
On Sun, May 24, 2009 at 11:12:04PM +0200, Pawel Cholewinski wrote:
> I want to filter traffic on SSH server. I want to ACCEPT only SSH
> traffic on SSH server computer. Packet SSH which receive and send
> should be ACCEPT. Other traffic should be DROP. Which protocol I must
> use. I know that po

Re: SSH & iptables

2009-05-25 Thread pch0317
Thanks for answers.

Alex Samad wrote:
On Mon, May 25, 2009 at 12:53:58PM +0100, Nuno Magalhães wrote:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
but that will not work how you expect (don't implement it remotely)
How would one implement it remotely? I

Re: SSH & iptables

2009-05-25 Thread Alex Samad
On Mon, May 25, 2009 at 12:53:58PM +0100, Nuno Magalhães wrote:
> > iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> > iptables -A INPUT -j DROP
> >
> > but that will not work how you expect (don't implement it remotely)
>
> How would one implement it remotely? I (may have) read somewhere that
> b

Re: SSH & iptables

2009-05-25 Thread Nuno Magalhães
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -j DROP
>
> but that will not work how you expect (don't implement it remotely)

How would one implement it remotely? I (may have) read somewhere that blocking everything but ssh wouldn't mess with your ssh session, but I'm not su

Re: SSH & iptables

2009-05-24 Thread Alex Samad
On Sun, May 24, 2009 at 11:12:04PM +0200, Pawel Cholewinski wrote:
> Hello
> I want to filter traffic on SSH server. I want to ACCEPT only SSH traffic
> on SSH server computer. Packet SSH which receive and send should be
> ACCEPT. Other traffic should be DROP. Which protocol I must use. I know

SSH & iptables

2009-05-24 Thread Pawel Cholewinski
Hello I want to filter traffic on SSH server. I want to ACCEPT only SSH traffic on SSH server computer. Packet SSH which receive and send should be ACCEPT. Other traffic should be DROP. Which protocol I must use. I know that port nr 22 is used default. So, what I must type to do this? Thanks p

SSH & iptables

2009-05-24 Thread pch0317
Hello I want to filter traffic on SSH server. I want to ACCEPT only SSH traffic on SSH server computer. Packet SSH which receive and send should be ACCEPT. Other traffic should be DROP. Which protocol I must use. I know that port nr 22 is used default. So, what I must type to do this? Thanks p