Hi,
I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am running the below iptables command to allow SSH port 22 from a specific source IP 219.91.200.59
iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT
service iptables save
The above iptables ruleset is not working and I am still able to connect from the internet to SSH port 22. I look forward to hearing from you and thanks in advance.
Best Regards,
Kaushal
Please consult the documentation to understand how to use the firewall on CentOS 8:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
In short: you are doing it wrong in multiple dimensions.
Alexander
EL8 does not use iptables by default - it's been replaced with nftables.
On Thu, Jul 16, 2020 at 9:25 PM Phil Perry pperry@elrepo.org wrote:
> EL8 does not use iptables by default - it's been replaced with nftables.
Hi,
I have run the below command but I am still able to connect from the internet. Do I need to add any drop traffic policy using nft?
#nft add rule ip filter INPUT ip saddr 219.91.200.59/32 tcp dport 22 ct state new,established counter accept
Any help will be highly appreciated. Thanks in advance.
Best Regards,
Kaushal
Better start with firewalld, a frontend to nft
What is the output of
firewall-cmd --list-all
--On Thursday, July 16, 2020 10:41 PM +0530 Kaushal Shriyan kaushalshriyan@gmail.com wrote:
> I have run the below command but I am still able to connect from the internet. Do I need to add any drop traffic policy using nft?
A single rule doesn't tell us enough. Dump the entire firewall to a pastebin and post the link here.
You haven't given us enough to make a good evaluation. Is your INPUT policy DROP? Is your ssh destination this system or elsewhere? It makes a difference. I'm hearing iptables can still be used with nftables but I haven't had need to investigate; you should look into the interaction of the two to make sure that's not causing problems. Just a couple of possibilities. I don't know if nftables still has the raw table, which allows you to do an in-depth (and laborious) analysis of what's happening by using the -j TRACE option, but if you can't find the issue by other means, it may be necessary.
Leroy Tennison Network Information/Cyber Security Specialist E: leroy@datavoiceint.com
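An added example, not part of the thread and not written by any of its participants: an nftables ruleset file showing why a lone accept rule does not restrict SSH, and one way to add the drop the thread asks about. The table name ssh_guard and the accept policy on the poster's INPUT chain are assumptions (the thread never shows the full ruleset); 219.91.200.59 is the address from the original post.

```nftables
#!/usr/sbin/nft -f
# Added illustration. Table name "ssh_guard" is hypothetical.

# WEAK: what the rule from the thread amounts to if the chain policy is
# accept (assumed; the thread never shows the policy). The rule accepts
# packets that would have been accepted anyway, so every other source
# still reaches port 22 through the policy.
#
#   table ip filter {
#       chain INPUT {
#           type filter hook input priority 0; policy accept;
#           ip saddr 219.91.200.59 tcp dport 22 ct state new,established counter accept
#       }
#   }

# CORRECTED: a separate table that only concerns itself with SSH.
# A drop verdict in any base chain on the input hook is final, so this
# works alongside the chains that firewalld or iptables-nft maintain.
# An accept verdict only ends evaluation of this chain; the packet is
# still evaluated by the other base chains on the same hook.
table inet ssh_guard {
    chain input {
        type filter hook input priority 0; policy accept;

        # Allowed source. "ip saddr" matches IPv4 only, so no IPv6
        # source can satisfy this rule.
        ip saddr 219.91.200.59 tcp dport 22 counter accept

        # Every other packet aimed at SSH, IPv4 or IPv6, is dropped.
        # The counter shows how many packets were refused.
        tcp dport 22 counter drop
    }
}
```

Load the file with `nft -f <file>` from a session opened from the allowed address, then check the two counters with `nft list ruleset`.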