We do a better job for those things that are outside of our firewall. And this is some of what we do.

_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Keith Roberts
Sent: Saturday, August 04, 2012 2:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5

On Fri, 3 Aug 2012, SilverTip257 wrote:

> To: CentOS mailing list <centos at centos.org>
> From: SilverTip257 <silvertip257 at gmail.com>
> Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5
>
> Marvin,
>
> You're leaving SSH open to the world with that.
> If this is a box behind a firewall, then it's not _as much of a
> concern_ ... otherwise you're opening that server up to ssh brute
> force attempts.
>
> Your existing configuration is probably set up to drop/reject if
> traffic does not match any of your rules, so you've nearly solved the
> "blocking all other traffic" from server2. But you really should put
> a specific rule on server1 with source as server2 and dest port 22
> being accepted.
>
> -s server2 -p tcp --dport 22 -j ACCEPT

Or move the SSH port to a non-standard one?

Keith
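
Added example, not part of the thread: a shell check for the condition SilverTip257 describes, an ACCEPT rule for the SSH port with no source restriction. The function name `ssh_open_rules` and the sample rules (with the documentation address 192.0.2.10 standing in for server2) are constructed for illustration; the port is an argument so a relocated SSH port can be checked too, and rules are examined one by one without evaluating rule order.

```shell
#!/bin/sh
# Flag rules that ACCEPT a given TCP port from any source.
# Input: rules in iptables-save format on stdin. Argument: port (default 22).
# Limitation: only the "! -s addr" spelling of a negated source is recognised;
# a negated source is treated as no restriction.
ssh_open_rules() {
    awk -v port="${1:-22}" '
    $1 == "-A" {
        src = ""; dport = ""; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }
            if ($i == "-s" || $i == "--source") {
                if (!neg) src = $(i + 1)
                i++
            } else if ($i == "--dport" || $i == "--destination-port") {
                if (!neg) dport = $(i + 1)
                i++
            } else if ($i == "-j" || $i == "--jump") {
                target = $(i + 1)
                i++
            }
            neg = 0
        }
        # Open to the world: accepted, right port, and no (or any-address) source.
        if (target == "ACCEPT" && dport == port &&
            (src == "" || src ~ /^0\.0\.0\.0\/0/))
            print
    }'
}

# Constructed sample ruleset (not taken from the thread).
SAMPLE_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Prints only the second rule: port 22 accepted with no source match.
printf '%s\n' "$SAMPLE_RULES" | ssh_open_rules
# On a live host (as root): iptables-save | ssh_open_rules 22
```
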