We have a simple configuration so we could get by with this:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -s "SOURCIPADDRESS" -j REJECT --reject-with icmp-host-prohibited

It doesn't scale well but serves the purpose.

_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Steve Clark
Sent: Thursday, August 02, 2012 1:17 PM
To: CentOS mailing list
Cc: Blackburn, Marvin
Subject: Re: [CentOS] iptables rule question for Centos 5

On 08/02/2012 01:06 PM, Blackburn, Marvin wrote:
> I have a server that allows incoming traffic for ssh and some other
> things.
>
> I need to set up a rule that will drop/reject all traffic from a
> particular server except ssh.
>
> How can I do that?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Something like this first in your ruleset:

    -A INPUT -i eth0 -p tcp -s 10.0.1.0/24 --sport 1024:65535 -d 10.0.1.90/32 ! --dport 22 -j DROP

Substitute your appropriate IPs and interface.

-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
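
Added example, not part of either poster's message: a small generator for the two-rule pattern in the first reply (ACCEPT SSH, then REJECT everything else from the source), extended to several hosts. The function names, the dropped --state match, and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables-restore lines that
# limit each listed host to SSH, ACCEPT first and REJECT second.
CHAIN="RH-Firewall-1-INPUT"   # chain name used in the thread

# valid_ipv4 ADDR: succeeds only for a dotted-quad host address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_only_rules ADDR...: validate every address before printing anything,
# so one typo cannot produce a partial ruleset.
ssh_only_rules() {
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # No --state match here (assumption): the pair can then sit at the
        # top of the chain without breaking established SSH sessions.
        echo "-A $CHAIN -s $src -p tcp -m tcp --dport 22 -j ACCEPT"
        echo "-A $CHAIN -s $src -j REJECT --reject-with icmp-host-prohibited"
    done
}

# Constructed sample addresses (documentation range), not from the thread.
ssh_only_rules 192.0.2.10 192.0.2.11
```

The output is meant to be pasted into the filter table ahead of the other ACCEPT rules; placed that high, the REJECT also catches replies to connections this host opens to the listed sources.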