[CentOS] firewall help request

david

david at daku.org
Tue Jun 16 20:18:49 UTC 2020


At 12:30 PM 6/16/2020, John Pierce wrote:
>On Tue, Jun 16, 2020 at 12:26 PM david <david at daku.org> wrote:
>
> >
> > Examples of what I've tried, and then tested.  None of them stopped
> > an outgoing SSH from an internal system.
> >
> >    iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
> >    iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
> >
> >
> >
>which interface is that bound to?   I don't see a -i eth0 or whatever, but
>you want that rule on your LAN interface.
>
>note these rules will also prevent any host on 10.0.0.0/24 from ssh'ing to
>the gateway machine itself.

At your suggestion, the command became

iptables -I INPUT -p tcp --dport 22 -i enp3s0 -s 10.0.0.0/24 -j DROP

where enp3s0 is the internal NIC with address 10.0.0.1.  I'm assuming 
that your advice about LAN represents the internal network because on 
most routers, it is, and WAN is the internet connection.

And ssh worked :-( unfortunately

I know that many ISPs block outgoing port 25, so I know this is do-able.

David 
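
Added example, not part of this thread and not the poster's or John's commands: a POSIX shell script that places the block in the FORWARD chain, which is the chain packets crossing the gateway from the LAN actually traverse (INPUT only matches packets addressed to the gateway itself). It assumes the thread's enp3s0 LAN interface and 10.0.0.0/24; setting IPTABLES=echo dry-runs it without root.

```shell
#!/bin/sh
# Added example (not from the thread): egress-filter SSH on a Linux gateway.
# A packet an internal host sends *through* the gateway toward the internet
# goes INPUT-less through PREROUTING -> FORWARD -> POSTROUTING; INPUT only
# sees packets whose destination is the gateway. So the block belongs in
# FORWARD. Assumptions: LAN NIC enp3s0, LAN subnet 10.0.0.0/24 (from the thread).

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run

# Emit the rules to apply, one per line, as iptables arguments (no binary).
# Both use -I (insert at top) so they win over an earlier ACCEPT; inserting
# DROP first and LOG second leaves LOG *above* DROP, so blocked attempts are
# logged (prefix SSH_EGRESS_BLOCK:) before being dropped.
egress_ssh_rules() {
    lan_if="$1"; lan_net="$2"
    match="-p tcp --dport 22 -i $lan_if -s $lan_net"
    printf '%s\n' \
        "-I FORWARD $match -j DROP" \
        "-I FORWARD $match -j LOG --log-prefix SSH_EGRESS_BLOCK:"
}

# Apply the rules from egress_ssh_rules via $IPTABLES; stop on first failure.
apply_egress_ssh_rules() {
    egress_ssh_rules "$1" "$2" | while IFS= read -r line; do
        # word splitting of $line into separate arguments is intentional
        "$IPTABLES" $line || exit 1
    done
}

# Exit 0 only if the DROP rule is present (iptables -C returns non-zero if not).
verify_egress_ssh_block() {
    "$IPTABLES" -C FORWARD -p tcp --dport 22 -i "$1" -s "$2" -j DROP
}

# Stand-alone use: apply, then confirm. Needs root unless IPTABLES=echo.
if [ "${0##*/}" != "sh" ] && [ -z "$EGRESS_SSH_NO_MAIN" ]; then
    apply_egress_ssh_rules enp3s0 10.0.0.0/24 \
        && verify_egress_ssh_block enp3s0 10.0.0.0/24 \
        && echo "SSH egress from 10.0.0.0/24 via enp3s0 is blocked in FORWARD"
fi
```

The INPUT rule from the thread is still the right one for a separate goal, stopping LAN hosts from SSHing to the gateway itself; it just never sees forwarded traffic.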



More information about the CentOS mailing list