Good morning,
First, I would recommend using different rules for your INPUT and FORWARD chains; it's 100 times easier to troubleshoot and can make things look a lot simpler. Second, I would refrain from posting any external IP addresses on a public forum.
I'm not sure about your setup, but usually when you're creating rules such as these, it's a good idea to start off with a default policy of DROP for INPUT, OUTPUT and FORWARD. From a security perspective it's better to block everything and only allow what you're looking for.
Anyways, for your rules, I would replace "-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT" and "-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT" with:
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp -s ! 82.201.195.123 --dport 22 -j DROP
This will drop everything on eth0 going to port 22 from everywhere except the IP address specified. However, it's still easy to spoof an IP address in order to get ssh access to this box. I would really recommend setting all your default policies to DROP, though. If you'd like an exhaustive tutorial: http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Peace.
Andrew Elliott
Network Services
Computar Services Inc.
2191 Thurston Drive
Ottawa, Ontario K1G 6C9
Tel: (613) 482-8374
Fax: (613) 737-3611
Email: andrewe@computar.ca
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Abd El-Hameed Ayad
Sent: Tuesday, May 23, 2006 9:35 AM
To: centos@centos.org
Subject: [CentOS] iptables rules
Hi, I have 2 CentOS servers, 82.201.195.123 & 62.139.61.84. I want to deny all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123).
Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables? Currently, I'm using the following rules (on 62.139.61.84):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
But I found that somebody is bypassing these rules & trying to authenticate with unknown (or wrong-password) accounts.
Thanx in advance
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
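Both messages turn on rule order: the reply's `-s ! ADDR --dport 22 -j DROP` rule only does its job in front of any broader ACCEPT, and the posted ruleset accepts everything on eth1 before it ever reaches the port-22 REJECT. The script below is an added example written for this thread (it is not code from either poster or from iptables): a small first-match walker over iptables-save text that lets you check, offline, what a ruleset does to a given packet before loading it. It assumes a simplified packet model (interface, source, protocol, port, conntrack state supplied per packet), supports only the options the thread's rules use, and replaces the thread's real addresses with RFC 5737 documentation addresses (192.0.2.10 as the admin host, 198.51.100.7 as an arbitrary other host). Run as a script it prints the verdict for SSH from the admin host and from the other host on eth0 and eth1, against the posted rules and against the reply's advice applied to INPUT with a default DROP policy.

```python
"""Added example (not code from the CentOS list or from iptables): walk sample packets
through an iptables-save ruleset, first match wins, to check rule order offline."""
import ipaddress

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SIMPLE = {"-i": ("iface", str), "-p": ("proto", str), "--dport": ("dport", int),  # option -> (key, conv)
          "--icmp-type": ("icmp_type", int), "-j": ("target", str)}

def parse_ruleset(text):
    """Return (policies, chains) from iptables-save text; only the options the thread uses."""
    policies, chains = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line in ("*filter", "COMMIT"):
            continue
        if line.startswith(":"):               # ":INPUT ACCEPT [0:0]" or ":CHAIN - [0:0]"
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
            continue
        toks = line.split()
        if toks[0] != "-A":
            raise ValueError("unsupported line: " + line)
        rule, i, negate = {"chain": toks[1]}, 2, False
        while i < len(toks):
            t = toks[i]
            if t == "!":                       # current syntax: "! -s ADDR"
                negate, i = True, i + 1
                continue
            if negate and t != "-s":
                raise ValueError("negation only supported on -s: " + line)
            if t == "-s":
                val = toks[i + 1]
                if val == "!":                 # legacy syntax, as in the reply: "-s ! ADDR"
                    negate, val, i = True, toks[i + 2], i + 1
                rule["src"], rule["src_negated"] = ipaddress.ip_network(val, strict=False), negate
            elif t in SIMPLE:
                rule[SIMPLE[t][0]] = SIMPLE[t][1](toks[i + 1])
            elif t == "--state":
                rule["states"] = set(toks[i + 1].split(","))
            elif t not in ("-m", "--reject-with"):   # value-carrying options we can ignore
                raise ValueError("unsupported option %s in: %s" % (t, line))
            i, negate = i + 2, False
        chains.setdefault(rule["chain"], []).append(rule)
    return policies, chains

def rule_matches(rule, pkt):
    """True when the packet satisfies every match the rule carries."""
    if "src" in rule and (ipaddress.ip_address(pkt["src"]) in rule["src"]) == rule["src_negated"]:
        return False                           # plain rule needs a hit, negated rule needs a miss
    if rule.get("states") and pkt.get("state", "NEW") not in rule["states"]:
        return False
    return all(pkt.get(k) == rule[k] for k in ("iface", "proto", "dport", "icmp_type") if k in rule)

def verdict(policies, chains, pkt, chain="INPUT"):
    """First match wins; an exhausted user chain returns to its caller, an exhausted
    built-in chain falls back to its policy."""
    for rule in chains.get(chain, []):
        if not rule_matches(rule, pkt):
            continue
        if rule["target"] in TERMINAL:
            return rule["target"]
        result = verdict(policies, chains, pkt, rule["target"])   # jump into a user chain
        if result is not None:
            return result
    policy = policies.get(chain, "-")
    return policy if policy in TERMINAL else None

def evaluate(ruleset_text, pkt):
    return verdict(*parse_ruleset(ruleset_text), pkt)

# Constructed stand-ins (RFC 5737) for the thread's addresses; ADMIN keeps SSH access.
ADMIN, STRANGER = "192.0.2.10", "198.51.100.7"
# The INPUT path of the ruleset posted in the thread, address substituted.
POSTED_RULESET = """:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 192.0.2.10 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"""
# The reply's advice applied to INPUT: default DROP plus its "-s ! ADDR --dport 22 -j DROP" rule.
HARDENED_RULESET = """:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp -s 192.0.2.10 --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp -s ! 192.0.2.10 --dport 22 -j DROP"""

def ssh_from(iface, src):                      # a new TCP/22 connection arriving on iface from src
    return {"iface": iface, "src": src, "proto": "tcp", "dport": 22, "state": "NEW"}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULESET), ("hardened", HARDENED_RULESET)):
        for pkt in (ssh_from("eth0", ADMIN), ssh_from("eth0", STRANGER), ssh_from("eth1", STRANGER)):
            print(name, pkt["iface"], pkt["src"], "->", evaluate(rules, pkt))
```

Against the posted rules, SSH from the other host is rejected on eth0 but accepted on eth1, because `-i eth1 -j ACCEPT` sits above the port-22 REJECT; whether that matters depends on where eth1 is reachable from, which the thread does not say. Against the hardened rules, only the admin host reaches port 22 and anything unmatched falls to the DROP policy. The walker ignores conntrack itself (the state is whatever you put in the packet) and handles negation only on `-s`, which is all the thread's rules need.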