We do a better job for those things that are outside of our firewall. And this is some of what we do.
_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Keith Roberts
Sent: Saturday, August 04, 2012 2:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5
On Fri, 3 Aug 2012, SilverTip257 wrote:
To: CentOS mailing list centos@centos.org
From: SilverTip257 silvertip257@gmail.com
Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5
Marvin,
You're leaving SSH open to the world with that. If this is a box behind a firewall, then it's not _as much of a concern_ ... otherwise you're opening that server up to ssh brute force attempts.
Your existing configuration is probably set up to drop/reject if traffic does not match any of your rules, so you've nearly solved the "blocking all other traffic" from server2. But you really should put a specific rule on server1 with source as server2 and dest port 22 being accepted.
-s server2 -p tcp --dport 22 -j ACCEPT
Or move the SSH port to a non-standard one?
Keith
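
Added example (not part of the thread and not written by any of the posters): a shell check for the case SilverTip257 describes, an SSH ACCEPT rule with no source restriction. It reads iptables-save style rules on stdin; the sample rules are constructed, and 192.0.2.10 is an assumed stand-in for server2.

```shell
# Added example, not from the thread. Reports every rule that ACCEPTs TCP
# traffic to the SSH port. Only a single --dport match is handled
# (no multiport or port ranges).
classify_ssh_rules() {
    port="${1:-22}"                      # SSH port to look for
    while IFS= read -r rule; do
        case "$rule" in "-A "*) ;; *) continue ;; esac   # rule lines only
        src="" proto="" dport="" target="" neg=0 prev=""
        set -f                           # no globbing while splitting words
        for word in $rule; do
            case "$word" in
                -s|--source) if [ "$prev" = "!" ]; then neg=1; fi ;;
            esac
            case "$prev" in
                -s|--source) if [ "$word" = "!" ]; then neg=1; else src="$word"; fi ;;
                -p|--protocol) proto="$word" ;;
                --dport|--destination-port) dport="$word" ;;
                -j|--jump) target="$word" ;;
            esac
            prev="$word"
        done
        set +f
        if [ "$target" != ACCEPT ] || [ "$proto" != tcp ] || [ "$dport" != "$port" ]; then
            continue
        fi
        # No source match, an any-address source, or a negated source all
        # leave the port reachable from hosts other than one named peer.
        if [ -z "$src" ] || [ "$src" = "0.0.0.0/0" ] || [ "$neg" -eq 1 ]; then
            echo "OPEN $rule"
        else
            echo "RESTRICTED $src $rule"
        fi
    done
}

# Constructed sample input; 192.0.2.10 stands in for server2.
sample_rules() {
    cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s ! 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
sample_rules | classify_ssh_rules
```

On a live host the input would come from `iptables-save`; pass a port number as the first argument if sshd listens somewhere other than 22.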