Hi, I have 2 CentOS servers, 82.201.195.123 & 62.139.61.84. I want to deny all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123).
Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables? Currently, I'm using the following rules (on 62.139.61.84):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
But I found that somebody is bypassing these rules & trying to authenticate with unknown (or wrong password) accounts.
Thanks in advance
I have 2 CentOS servers, 82.201.195.123 & 62.139.61.84. I want to deny all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123).
Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables? Currently, I'm using the following rules (on 62.139.61.84):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
iptables is a first-match-wins firewall. The rule above that mentions 82.201.195.123 will accept all traffic from that IP address. The rule below it seems a little vague. I might change that to:
-A RH-Firewall-1-INPUT -m tcp -p tcp -i eth0 -d 62.139.61.84 --dport 22 -j REJECT
Hope this helps.
Barry
On Tue May 23 2006 09:34, Abd El-Hameed Ayad wrote:
Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables? Currently, I'm using the following rules (on 62.139.61.84):
My question is: is this a firewall box? If it is, then you are stopping nothing going from one network to the other. Is this what you really want to do?
Also you are allowing access to this box from any network. Is this also what you want to do?
I can help, but I need to know what it is you are trying to do with this box. Your rules need to be re-written to secure what is allowed to access this box and what is allowed to pass through.
Can you send me the iptables script that you run to set up the rules? It looks like you are defaulting to accept instead of deny.
-chaz
Charles L. Sliger, Information Systems Engineer, chaz@bctonline.com "No matter where you go, there you are..."
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Abd El-Hameed Ayad
Sent: Tuesday, May 23, 2006 6:35 AM
To: centos@centos.org
Subject: [CentOS] iptables rules
Hi, I have 2 CentOS servers, 82.201.195.123 & 62.139.61.84. I want to deny all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123).
Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables? Currently, I'm using the following rules (on 62.139.61.84):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
But I found that somebody is bypassing these rules & trying to authenticate with unknown (or wrong password) accounts.
Thanks in advance
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On Fri, 2006-06-09 at 15:17 -0700, Charles Sliger wrote:
-A RH-Firewall-1-INPUT -m tcp -p tcp -s 82.201.195.123 --dport 22 -j ACCEPT
(All one line ... it needs to go above the REJECT line for port 22 that you currently have)
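The two replies above turn on the same point: iptables walks a chain top to bottom and the first matching rule decides, so where the ACCEPT for the trusted host sits relative to the port-22 REJECT, and what the earlier blanket interface ACCEPTs let through, determines the outcome. The following is an added example, not code from this thread or from CentOS: a small first-match simulator that parses the RH-Firewall-1-INPUT rules exactly as quoted in the original post, evaluates constructed packets against them, and then does the same against a reordered chain that applies the suggestions from the replies (the explicit `-s 82.201.195.123 --dport 22 -j ACCEPT` placed above a port-22 REJECT that names the destination). Only the matchers used in the thread are supported, only the RH-Firewall-1-INPUT chain is modelled, the source address 203.0.113.9 is a documentation-range placeholder for "some other host", and the choice to keep the blanket `-i eth0` / `-i eth1` ACCEPTs but move them below the SSH rules is this example's own assumption, not something the thread states.

```python
"""First-match simulation of the RH-Firewall-1-INPUT chain quoted in the thread.

Added example (not the thread's own code). It parses iptables-save style
'-A chain ...' lines for the handful of matchers the thread uses and walks
them top to bottom the way the kernel does, so the effect of rule order can
be checked offline before touching a live /etc/sysconfig/iptables.
"""
import ipaddress
import shlex

# The RH-Firewall-1-INPUT chain exactly as quoted in the original post.
ORIGINAL_RULES = [
    "-A RH-Firewall-1-INPUT -i lo -j ACCEPT",
    "-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT",
    "-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
]

# Reordered chain built from the replies' suggestions (assumption of this
# example): SSH from the trusted host is accepted before a port-22 REJECT that
# names the destination, and the blanket per-interface ACCEPTs are moved
# below the SSH rules so they can no longer shadow them.
FIXED_RULES = [
    "-A RH-Firewall-1-INPUT -i lo -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m tcp -p tcp -s 82.201.195.123 --dport 22 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m tcp -p tcp -d 62.139.61.84 --dport 22 -j REJECT",
    "-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
]


def parse_rule(line):
    """Turn one '-A chain ...' line into {'match': {...}, 'target': ...}."""
    toks = shlex.split(line)
    rule = {"match": {}, "target": None, "raw": line}
    i = 0
    while i < len(toks):
        opt, arg = toks[i], toks[i + 1]
        if opt in ("-A", "-m", "--reject-with"):
            pass                     # chain name, module load, reject type: not packet matches
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "-i":
            rule["match"]["iface"] = arg
        elif opt in ("-s", "-d"):    # a bare address means /32, as iptables treats it
            rule["match"]["src" if opt == "-s" else "dst"] = ipaddress.ip_network(arg, strict=False)
        elif opt == "-p":
            rule["match"]["proto"] = arg
        elif opt == "--dport":
            rule["match"]["dport"] = int(arg)
        elif opt == "--state":
            rule["match"]["state"] = set(arg.split(","))
        elif opt == "--icmp-type":
            rule["match"]["icmp_type"] = int(arg)
        else:
            raise ValueError("unsupported option %r in %r" % (opt, line))
        i += 2
    return rule


def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    m = rule["match"]
    checks = [
        ("iface", lambda v: pkt["iface"] == v),
        ("src", lambda v: ipaddress.ip_address(pkt["src"]) in v),
        ("dst", lambda v: ipaddress.ip_address(pkt["dst"]) in v),
        ("proto", lambda v: pkt["proto"] == v),
        ("dport", lambda v: pkt.get("dport") == v),
        ("state", lambda v: pkt.get("state") in v),
        ("icmp_type", lambda v: pkt.get("icmp_type") == v),
    ]
    return all(ok(m[key]) for key, ok in checks if key in m)


def evaluate(rules, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule's target wins.
    Falling off the end of the user chain returns to INPUT, whose policy in
    the quoted file is ACCEPT, so that is the default here."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy


def tcp_packet(src, iface, dport, dst="62.139.61.84", state="NEW"):
    """A constructed inbound TCP packet (sample data, not a capture)."""
    return {"iface": iface, "src": src, "dst": dst, "proto": "tcp",
            "dport": dport, "state": state}


ORIGINAL = [parse_rule(r) for r in ORIGINAL_RULES]
FIXED = [parse_rule(r) for r in FIXED_RULES]

if __name__ == "__main__":
    # 203.0.113.9 is a documentation-range placeholder for an untrusted host.
    cases = [("trusted host, eth0", tcp_packet("82.201.195.123", "eth0", 22)),
             ("other host, eth0", tcp_packet("203.0.113.9", "eth0", 22)),
             ("other host, eth1", tcp_packet("203.0.113.9", "eth1", 22))]
    for label, pkt in cases:
        print("%-20s original=%-7s fixed=%s" % (label, evaluate(ORIGINAL, pkt), evaluate(FIXED, pkt)))
```

Running it shows the point of both replies: with the original order an SSH connection from any host arriving on eth1 is accepted by the blanket `-i eth1` rule before the port-22 REJECT is ever consulted, while after the reordering only 82.201.195.123 reaches port 22 on either interface and other services on eth0/eth1 are still accepted as before.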