On Tue, 25 Oct 2005 10:54:16 -0700, Benjamin Smith <lists at benjamindsmith.com> wrote:

> Based on your question, I'll consider that you're pretty much
> using a standard iptables config.
>
> edit /etc/sysconfig/iptables
>
> Add the following line, somewhere in the middle - it allows
> inbound connections to TCP port 22:
>
> -A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
>
> If you want to restrict access to a single IP address try this,
> it allows inbound connections to port 22 from ip address 1.2.3.4:
>
> -A RH-Firewall-1-INPUT -p tcp -s 1.2.3.4/32 --dport 22 -j ACCEPT
>
> Then restart iptables
> /etc/rc.d/init.d/iptables restart;

If you also wish to throttle new connections to the sshd daemon (a most useful security measure in my opinion) then you can add this to the top of your INPUT chain as well:

# sshd new connection attempts throttled to 4/min./IP addr.
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j DROP --update --seconds 60 --hitcount 4 --name DEFAULT --rsource
# Add new sshd connection attempt to recent ip list
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource

You can alter the comparison period and connection rate values by altering the arguments for --seconds and --hitcount appropriately. For example, to permit no more than twelve connections from a single IP address within any five minute period then use --seconds 300 --hitcount 12.

Regards,
Jim

-- 
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne                Harte & Lyne Limited
vox: +1 905 561 1241          9 Brockley Drive
fax: +1 905 561 0757          Hamilton, Ontario
<token> = hal                 Canada L8E 3C3
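The following Python model is an added illustration of how the --seconds/--hitcount rule pair above behaves; it is not part of Jim's message and it does not run iptables. It assumes a simplified reading of the xt_recent match (a per-source list of hit timestamps; --update matches when at least --hitcount stamps fall inside the last --seconds and, on a match, records the current hit as well; --set always records a hit), ignores the module's list-size and entry-ttl limits, and feeds it a constructed sequence of SSH connection attempts from documentation-range addresses. Running it shows that the fifth attempt from one address inside a minute is dropped, that a different client is unaffected, that dropped attempts keep the window alive while the client keeps hammering, and that the looser --seconds 300 --hitcount 12 setting lets the same sequence through.

```python
from collections import defaultdict


class RecentTable:
    """Simplified model of one named `-m recent` list (assumption: no ttl or
    list-size cap, which the real xt_recent module applies)."""

    def __init__(self):
        self.stamps = defaultdict(list)  # source address -> hit timestamps

    def set(self, src, now):
        """`--set`: record a hit for src unconditionally."""
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        """`--update --seconds S --hitcount N`: match when src is already in
        the list and at least N hits fall inside the last S seconds. On a
        match the current hit is recorded too, so a client that keeps
        retrying while blocked keeps refreshing its own window."""
        if src not in self.stamps:
            return False
        in_window = [t for t in self.stamps[src] if now - t <= seconds]
        if len(in_window) >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def filter_ssh_attempts(attempts, seconds=60, hitcount=4):
    """Walk a chronological list of (time, src) NEW-connection attempts through
    the two rules: first the DROP rule (`--update`), then the `--set` rule.
    Returns a list of (time, src, verdict)."""
    table = RecentTable()
    verdicts = []
    for now, src in attempts:
        if table.update(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))   # rule 1 matched, packet dropped
            continue
        table.set(src, now)                       # rule 2: remember this attempt
        verdicts.append((now, src, "ACCEPT"))     # falls through to later rules
    return verdicts


# Constructed sample: seconds since an arbitrary start, documentation addresses.
ATTEMPTS = [
    (0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"), (30, "198.51.100.7"),
    (40, "198.51.100.7"),   # 5th attempt within 60 s -> dropped
    (45, "203.0.113.5"),    # unrelated client, its own counter
    (50, "198.51.100.7"),   # still hammering, still dropped
    (95, "198.51.100.7"),   # only the 40 s and 50 s hits remain in the window -> allowed
    (96, "198.51.100.7"),
    (97, "198.51.100.7"),   # 40, 50, 95, 96 in window -> dropped again
]


def verdict_sequence(seconds=60, hitcount=4):
    return [v for _, _, v in filter_ssh_attempts(ATTEMPTS, seconds, hitcount)]


if __name__ == "__main__":
    for now, src, verdict in filter_ssh_attempts(ATTEMPTS):
        print(f"t={now:3d}s  {src:<14} {verdict}")
    print("with --seconds 300 --hitcount 12:", verdict_sequence(300, 12))
```

The point the model makes visible is that the window is measured over recorded hits, not over accepted connections: because the DROP rule uses --update rather than --rcheck, every blocked attempt is itself recorded, so a client retrying every few seconds never gets back under the threshold until it actually backs off.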