We have a simple configuration so we could get by with this:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s "SOURCIPADDRESS" -j REJECT --reject-with icmp-host-prohibited
It doesn't scale well but serves the purpose.
_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Steve Clark
Sent: Thursday, August 02, 2012 1:17 PM
To: CentOS mailing list
Cc: Blackburn, Marvin
Subject: Re: [CentOS] iptables rule question for Centos 5
On 08/02/2012 01:06 PM, Blackburn, Marvin wrote:
I have a server that allows incoming traffic for ssh and some other things.
I need to set up a rule that will drop/reject all traffic from a particular server except ssh.
How can I do that?
Something like this first in your ruleset:
-A INPUT -i eth0 -p tcp -s 10.0.1.0/24 --sport 1024:65535 -d 10.0.1.90/32 ! --dport 22 -j DROP
Substitute your appropriate IPs and interface.
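
Added example, not part of the original messages: a small first-match evaluator showing why the ACCEPT-then-REJECT pair depends on rule order, and what the single negated --dport rule does to the same traffic. The "SRC DPORT TARGET" rule format, the verdict function and both addresses are constructed for illustration; protocol, interface and connection state are ignored.

```shell
#!/bin/sh
# Simplified model of iptables first-match evaluation (illustration only).
# A rule is "SRC DPORT TARGET": '*' matches anything, '!N' matches any port
# except N. CONTINUE means no rule matched and the packet goes on to the
# rest of the chain or its policy.
BLOCKED_SRC="192.0.2.10"   # constructed; stands in for "SOURCIPADDRESS"
OTHER_SRC="198.51.100.7"   # constructed; any other client

# The pair from the first message, in the order posted.
ACCEPT_FIRST="* 22 ACCEPT
$BLOCKED_SRC * REJECT"
# The same pair reversed: the source loses ssh as well.
REJECT_FIRST="$BLOCKED_SRC * REJECT
* 22 ACCEPT"
# The single rule from the reply, reduced to one source address.
NEGATED_PORT="$BLOCKED_SRC !22 DROP"

# verdict RULES SRC DPORT -> prints the target of the first matching rule
verdict() {
    v_rules=$1; v_src=$2; v_dport=$3
    while read -r r_src r_dport r_target; do
        [ "$r_src" = "*" ] || [ "$r_src" = "$v_src" ] || continue
        case $r_dport in
            '*') ;;
            '!'*) [ "${r_dport#\!}" != "$v_dport" ] || continue ;;
            *)    [ "$r_dport" = "$v_dport" ] || continue ;;
        esac
        echo "$r_target"
        return 0
    done <<EOF
$v_rules
EOF
    echo "CONTINUE"
}

# Print the verdict for ssh (22) and http (80) from the blocked source.
for chain in ACCEPT_FIRST REJECT_FIRST NEGATED_PORT; do
    eval "chain_rules=\$$chain"
    for port in 22 80; do
        printf '%-13s src=%s dport=%-3s -> %s\n' "$chain" "$BLOCKED_SRC" \
            "$port" "$(verdict "$chain_rules" "$BLOCKED_SRC" "$port")"
    done
done
```

With the negated-port rule, ssh from the source is not accepted by that rule; it only escapes the DROP and still needs a later ACCEPT in the chain.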