Marvin,
You're leaving SSH open to the world with that. If this is a box behind a firewall, then it's not _as much of a concern_ ... otherwise you're opening that server up to ssh brute force attempts.
Your existing configuration is probably set up to drop/reject if traffic does not match any of your rules, so you've nearly solved the "blocking all other traffic" from server2. But you really should put a specific rule on server1 with source as server2 and dest port 22 being accepted.
-s server2 -p tcp --dport 22 -j ACCEPT
Best of luck, ---~~.~~--- Mike // SilverTip257 //
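The full rule set the replies converge on, as an added example that is not part of the thread or the CentOS defaults: accept SSH from server2, reject everything else from it, and keep the order straight. It targets the RH-Firewall-1-INPUT chain from Marvin's snippet; the address 10.0.1.50, the interface eth0 and the script name are assumptions, override them through the environment. It also carries one caveat the thread does not spell out: if you insert a catch-all REJECT for server2 at the top of the chain, it lands above the stock ESTABLISHED,RELATED rule, so replies to connections server1 itself opens to server2 would be rejected; the first rule below lets those through.

```shell
#!/bin/sh
# Added example, not from the thread: restrict one host (server2) to SSH only
# on a CentOS 5 box and reject everything else it sends, in an order that works.
# Hypothetical values below; override via environment, e.g. SERVER2=10.1.2.3.
SERVER2="${SERVER2:-10.0.1.50}"         # assumed address of server2
CHAIN="${CHAIN:-RH-Firewall-1-INPUT}"   # CentOS 5 default INPUT chain
IFACE="${IFACE:-eth0}"                  # assumed interface facing server2

# Print the rules (iptables arguments, one per line) in the order they must sit
# in the chain. Position matters: the catch-all REJECT has to come AFTER the
# ACCEPTs for the same source, and since all three go to the top of the chain
# we must also admit replies to connections server1 itself opened to server2,
# because the REJECT would otherwise sit above the stock ESTABLISHED,RELATED rule.
gen_rules() {
    cat <<EOF
-I $CHAIN 1 -i $IFACE -s $SERVER2 -m state --state ESTABLISHED,RELATED -j ACCEPT
-I $CHAIN 2 -i $IFACE -s $SERVER2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
-I $CHAIN 3 -i $IFACE -s $SERVER2 -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Sanity check on the generated list: exactly one REJECT, and it is the last
# rule. Returns 0 when the ordering is right, 1 otherwise.
check_order() {
    rules=$(gen_rules)
    total=$(printf '%s\n' "$rules" | grep -c .)
    rejects=$(printf '%s\n' "$rules" | grep -c -- '-j REJECT')
    reject_line=$(printf '%s\n' "$rules" | grep -n -- '-j REJECT' | cut -d: -f1)
    [ "$rejects" -eq 1 ] || return 1
    [ "$reject_line" -eq "$total" ]
}

# Usage (script name is hypothetical):
#   sh restrict_server2.sh --print            show the iptables commands
#   sudo SERVER2=... sh restrict_server2.sh --apply   insert them and list the chain
# With no argument it does nothing to the live firewall.
if [ "$1" = "--apply" ]; then
    check_order || { echo "refusing to apply: bad rule order" >&2; exit 1; }
    gen_rules | while read -r args; do
        # word splitting of $args is intended: each line is one argument list
        iptables $args
    done
    iptables -n -L "$CHAIN" --line-numbers | grep -- "$SERVER2"
elif [ "$1" = "--print" ]; then
    gen_rules | sed 's/^/iptables /'
fi
```

Run it with --print first and compare against `iptables -n -L RH-Firewall-1-INPUT --line-numbers`; on CentOS 5 remember `service iptables save` afterwards or the rules vanish at reboot.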
On Fri, Aug 3, 2012 at 4:25 PM, Blackburn, Marvin mblackburn@glenraven.com wrote:
We have a simple configuration so we could get by with this
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s "SOURCIPADDRESS" -j REJECT --reject-with icmp-host-prohibited
It doesn't scale well but serves the purpose.
"He's no failure. He's not dead yet." William Lloyd George
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Steve Clark
Sent: Thursday, August 02, 2012 1:17 PM
To: CentOS mailing list
Cc: Blackburn, Marvin
Subject: Re: [CentOS] iptables rule question for Centos 5
On 08/02/2012 01:06 PM, Blackburn, Marvin wrote:
I have a server that allows incoming traffic for ssh and some other things.
I need to set up a rule that will drop/reject all traffic from a particular server except ssh.
How can I do that?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Something like this first in your ruleset:
-A INPUT -i eth0 -p tcp -s 10.0.1.0/24 --sport 1024:65535 -d 10.0.1.90/32 ! --dport 22 -j DROP
Substitute your appropriate IPs and interface.
-- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark@netwolves.com http://www.netwolves.com