LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 04-21-2009, 04:58 AM   #1
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Rep: Reputation: 31
How do I get a full SSH block, accept my IP addresses?


The topic says it all:

how do I block full access on SSH accept a couple of IP addresses, and save this in iptables for restoring after reboot?

Please help me with this one, thanks.
 
Old 04-21-2009, 06:08 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
Your title does not say it all. I'm sure it's a simple language issue, but you mean except, not accept, and within iptables they mean very different things. And you've not said what distro you're using or which firewall management tool, to know how best to achieve this.

Basically within iptables you would probably just want to add something like

iptables -A INPUT -p tcp -s a.b.c.d --dport 22 -m state --state NEW -j ACCEPT

Assuming that the rest of your firewall handles established connections generically and such.

Last edited by acid_kewpie; 04-21-2009 at 06:15 AM.
 
Old 04-21-2009, 06:35 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 620

Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie View Post

iptables -A INPUT -p tcp -s a.b.c.d --dport 22 -m state --state NEW -j ACCEPT
How about a range of IP-addresses ? Can this be defined with comma-separated values like :

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d --dport 22 -m state --state NEW -j ACCEPT
 
Old 04-21-2009, 07:19 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by jonaskellens View Post
How about a range of IP-addresses ? Can this be defined with comma-separated values like :

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d --dport 22 -m state --state NEW -j ACCEPT
You gotta use the iprange match module for that. Example:
Code:
iptables -A INPUT -p tcp -m iprange --src-range a.b.c.d-w.x.y.z \
--dport 22 -m state --state NEW -j ACCEPT
 
Old 04-21-2009, 07:27 PM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
If you aren't wedded to iptables, you may find it simpler to simply add these IPs to sshd_config. Something like

AllowUsers *@123.456.78.90 *@098.765.43.21 *@192.168.0.*

etc.

Last edited by billymayday; 04-21-2009 at 07:42 PM.
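Post #5's AllowUsers approach, as an added example (this is not billymayday's code, and not from the thread): a small POSIX shell dry-run that tells you whether a given user connecting from a given address would be admitted by a candidate AllowUsers line, so you can test the line before reloading sshd and avoid locking yourself out. sshd matches each pattern as USER@HOST with `*` and `?` wildcards; HOST is compared with the client's IP address (and its hostname when reverse lookups are enabled), and once AllowUsers is present anyone who matches no pattern is refused. The check below models only the `*` and `?` wildcards, using the shell's own case globbing, which has the same meaning for those two characters; it does not model the CIDR address form that later OpenSSH releases also accept here. The user names and the RFC 5737 addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run an sshd_config AllowUsers line
# before reloading sshd. Names and addresses are constructed for the example
# (RFC 5737 documentation ranges).

# allowusers_permits USER IP PATTERN... -> 0 if any PATTERN admits USER from IP.
# PATTERN is USER@HOST or a bare USER (any host), with '*' and '?' wildcards;
# the shell's case globbing gives the same semantics for those two wildcards.
allowusers_permits() {
    user=$1; ip=$2; shift 2
    for pat in "$@"; do
        case "$pat" in
            *@*) upat=${pat%%@*}; hpat=${pat#*@} ;;
            *)   upat=$pat;       hpat='*' ;;
        esac
        # $upat and $hpat are deliberately unquoted so they act as patterns.
        case "$user" in $upat) ;; *) continue ;; esac
        case "$ip"   in $hpat) return 0 ;; esac
    done
    return 1   # AllowUsers present and nothing matched: sshd refuses the login
}

# allowusers_line ENTRY... -> the sshd_config line for these entries
allowusers_line() {
    printf 'AllowUsers'
    for e in "$@"; do printf ' %s' "$e"; done
    printf '\n'
}

# check_before_reload USER IP ENTRY... -> 0 if USER from IP keeps access under
# the proposed line. Run it for the account and address you are logged in
# from right now, before you touch the live sshd_config.
check_before_reload() {
    user=$1; ip=$2; shift 2
    if allowusers_permits "$user" "$ip" "$@"; then
        echo "OK: $user from $ip is admitted by: $(allowusers_line "$@")"
    else
        echo "LOCKOUT RISK: $user from $ip matches nothing in: $(allowusers_line "$@")" >&2
        return 1
    fi
}

# Usage (nothing is written anywhere):
#   check_before_reload admin 203.0.113.7 'admin@203.0.113.7' '*@198.51.100.*'
#   check_before_reload admin 192.0.2.5   'admin@203.0.113.7' '*@198.51.100.*'   # fails
```

Two caveats that post #5 leaves implicit: AllowUsers is enforced at authentication time, after the TCP connection and key exchange have already happened, so unlike the iptables rule it does not stop unwanted clients from reaching sshd at all; and every account that needs SSH must appear in the line, including root if you still permit root logins. Write the candidate line into a copy of sshd_config and run `sshd -t -f <copy>` for a syntax check before restarting the daemon, and keep your current session open until a second session has confirmed the new line works.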
 
Old 04-22-2009, 08:26 AM   #6
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Original Poster
Rep: Reputation: 31
Yes

Yes, and now I need to block / drop every other incoming and outgoing connection,

assuming the inserted IPs will be accepted.
 
Old 04-22-2009, 08:26 AM   #7
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Original Poster
Rep: Reputation: 31
Thanks in advance.
 
Old 04-22-2009, 04:00 PM   #8
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Original Poster
Rep: Reputation: 31
And how to restore this after reboot? I tried iptables-save, but after reboot its config is gone.

Last edited by R03L; 04-22-2009 at 04:32 PM.
 
Old 04-23-2009, 03:15 AM   #9
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Original Poster
Rep: Reputation: 31
It's a Debian machine; there is no /etc/init.d/iptables:
command not found
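Pulling the thread together (the single-host rule in post #2, the iprange form in post #4, the "drop everything else" requirement in post #6 and the reboot question in posts #8 and #9), here is an added example that is not from any of the posters: a POSIX shell script that builds a complete iptables-restore ruleset with a default DROP policy on INPUT, accepts loopback and already-established traffic, and accepts new SSH connections only from an allowlist. Each allowlist entry may be a single address, a CIDR block, or a contiguous a.b.c.d-w.x.y.z range (the iprange match from post #4); the script emits one rule per entry, which works on any iptables version and sidesteps the comma-separated form asked about in post #3. Entries are validated before anything is built, so a typo such as an octet above 255 is rejected instead of being handed to iptables, and an empty allowlist is refused because it would lock everyone out. The addresses are RFC 5737 documentation ranges chosen for the example; the paths /etc/iptables.rules and /etc/network/if-pre-up.d/iptables are my choices, but the mechanism (a script in /etc/network/if-pre-up.d/ that runs iptables-restore before the interfaces come up) is the standard Debian way to reload a saved ruleset and is what replaces the /etc/init.d/iptables that post #9 found missing.

```shell
#!/bin/sh
# Added example, not from the thread: generate (and optionally install) an
# iptables ruleset that accepts SSH only from an allowlist and drops all other
# inbound traffic. Addresses are RFC 5737 documentation ranges chosen for the
# example; the file and hook paths are assumptions (see the lead-in).

# valid_ipv4 A.B.C.D -> 0 if exactly four decimal octets, each 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# src_match ENTRY -> prints the iptables source match for one allowlist entry:
#   203.0.113.7            -> -s 203.0.113.7
#   198.51.100.0/24        -> -s 198.51.100.0/24
#   192.0.2.10-192.0.2.20  -> -m iprange --src-range 192.0.2.10-192.0.2.20
# Fails (status 1, prints nothing) if the entry is malformed.
src_match() {
    case "$1" in
        *-*)
            valid_ipv4 "${1%-*}" && valid_ipv4 "${1#*-}" || return 1
            printf '%s %s' '-m iprange --src-range' "$1" ;;
        */*)
            valid_ipv4 "${1%/*}" || return 1
            case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
            [ "${1#*/}" -le 32 ] || return 1
            printf '%s %s' '-s' "$1" ;;
        *)
            valid_ipv4 "$1" || return 1
            printf '%s %s' '-s' "$1" ;;
    esac
}

# build_ssh_rules PORT ENTRY... -> prints an iptables-restore file on stdout.
# Default DROP on INPUT; loopback and established/related traffic accepted;
# new connections to PORT accepted only from the listed sources.
build_ssh_rules() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "refusing to build an empty allowlist" >&2; return 1; }
    ssh_rules=""
    for entry in "$@"; do
        m=$(src_match "$entry") || { echo "bad allowlist entry: $entry" >&2; return 1; }
        ssh_rules="$ssh_rules
-A INPUT -p tcp $m --dport $port -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP$ssh_rules
COMMIT
EOF
}

# apply_ssh_rules PORT ENTRY... (root only): load the ruleset into the kernel,
# save it, and install a Debian if-pre-up.d hook so it is restored at boot.
# iptables-restore replaces the whole table in one step, so a rejected file
# leaves the running rules untouched.
apply_ssh_rules() {
    rules_file=${RULES_FILE:-/etc/iptables.rules}
    hook=${HOOK_FILE:-/etc/network/if-pre-up.d/iptables}
    build_ssh_rules "$@" > "$rules_file.new" || return 1
    iptables-restore < "$rules_file.new" || return 1
    mv "$rules_file.new" "$rules_file"
    printf '#!/bin/sh\niptables-restore < %s\n' "$rules_file" > "$hook"
    chmod 755 "$hook"
}

# Preview (nothing is applied):
#   build_ssh_rules 22 203.0.113.7 198.51.100.0/24 192.0.2.10-192.0.2.20
# Install as root, then confirm from a second SSH session before logging out:
#   apply_ssh_rules 22 203.0.113.7 198.51.100.0/24
```

Only build_ssh_rules is needed to preview the result; apply_ssh_rules must run as root and writes the hook. Keep your current SSH session open and confirm from a second session before closing it, since a default-DROP policy with a wrong allowlist locks you out of the machine. Post #6 also asked to drop outgoing connections; that means changing `:OUTPUT ACCEPT` to `:OUTPUT DROP` and adding `-A OUTPUT -o lo -j ACCEPT` and `-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, after which DNS, package updates and anything else the host initiates need explicit rules of their own. Later Debian releases package this same save-and-restore step as iptables-persistent, which is the alternative to writing the hook by hand.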
 
  


Tags
block, ip, iptables, ssh

