[CentOS] [SOLVED] iptables rule question for Centos 5

Blackburn, Marvin mblackburn at glenraven.com
Wed Aug 8 18:54:45 UTC 2012


We do a better job for those things that are outside of our firewall.
And this is some of what we do.


_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Keith Roberts
Sent: Saturday, August 04, 2012 2:43 AM
To: CentOS mailing list
Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5

On Fri, 3 Aug 2012, SilverTip257 wrote:

> To: CentOS mailing list <centos at centos.org>
> From: SilverTip257 <silvertip257 at gmail.com>
> Subject: Re: [CentOS] [SOLVED] iptables rule question for Centos 5
> 
> Marvin,
>
> You're leaving SSH open to the world with that.
> If this is a box behind a firewall, then it's not _as much of a
> concern_ ... otherwise you're opening that server up to ssh brute
> force attempts.
>
> Your existing configuration is probably set up to drop/reject if
> traffic does not match any of your rules, so you've nearly solved the
> "blocking all other traffic" from server2.  But you really should put
> a specific rule on server1 with source as server2 and dest port 22
> being accepted.
>
> -s server2 -p tcp --dport 22 -j ACCEPT

Or move the SSH port to a non-standard one?

Keith
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
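An added example, not part of the original thread or any poster's code: a check of `iptables-save` output for the condition SilverTip257 describes, an SSH ACCEPT rule with no source restriction. The `RH-Firewall-1-INPUT` chain layout and the address 192.0.2.20 standing in for server2 are assumptions, and both rulesets are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): flag SSH ACCEPT rules with no source limit.

# Reads iptables-save text on stdin; prints each rule that ACCEPTs tcp/22 from
# any source. Limits: single --dport only (no multiport lists or port ranges).
ssh_open_rules() {
    awk '
    /^-A / {
        src = ""; proto = ""; dport = ""; target = ""; negated = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") {
                src = $(i + 1)
                # "! -s X" (new syntax) or "-s ! X" (old) means "everyone but X"
                if ($(i - 1) == "!" || src == "!") negated = 1
            }
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            if ($i == "-j" || $i == "--jump") target = $(i + 1)
        }
        anysrc = (src == "" || src == "0.0.0.0/0" || negated)
        if (proto == "tcp" && dport == "22" && target == "ACCEPT" && anysrc) print
    }'
}

# Constructed sample: CentOS 5 style ruleset with SSH open to every source.
sample_open() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Same ruleset with the SSH rule limited to server2 (192.0.2.20 is a placeholder).
sample_restricted() {
    sample_open | sed 's/^\(-A RH-Firewall-1-INPUT\) \(-m state --state NEW\)/\1 -s 192.0.2.20 \2/'
}

echo "open ruleset:";       sample_open | ssh_open_rules
echo "restricted ruleset:"; sample_restricted | ssh_open_rules
```

On a live host the function can be fed from `iptables-save` (run as root) in place of the sample functions.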




