LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page how do i get full ssh block accept my ip adresses
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 04-21-2009, 05:58 AM   #1
R03L
Member
 
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: Fedora core 12, Ubuntu server ed.
Posts: 205

Rep: Reputation: 31
how do i get full ssh block accept my ip adresses

the topic sais it all,

how to i block full access on SSH accept a coupleo f ip adresses and save this on IPTables for restoring afther reboot.??

please help me whit thisone thanks.
 
Old 04-21-2009, 07:08 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 38,408

Rep: Reputation: 885Reputation: 885Reputation: 885Reputation: 885Reputation: 885Reputation: 885Reputation: 885
Your title does not say it all. I'm sure it's a simple language issue, but you mean except, not accept, and within iptables they mean very different things. And you've not said what distro your using or firewall management tool to know how to best achieve this.

Basically within iptables you would probably just want to add something like

iptables -A INPUT -p tcp -s a.b.c.d -dport 22 -m state -state NEW -j ACCEPT

Assuming that the rest of your firewall handles established connections generically and such.
Last edited by acid_kewpie; 04-21-2009 at 07:15 AM.
 
Old 04-21-2009, 07:35 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 493

Rep: Reputation: 31
Quote:
Originally Posted by acid_kewpie View Post

iptables -A INPUT -p tcp -s a.b.c.d -dport 22 -m state -state NEW -j ACCEPT
How about a range of IP-addresses ? Can this be defined with comma-separated values like :

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d -dport 22 -m state -state NEW -j ACCEPT
 
Old 04-21-2009, 08:19 PM   #4
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Rep: Reputation: 348Reputation: 348Reputation: 348Reputation: 348
Quote:
Originally Posted by jonaskellens View Post
How about a range of IP-addresses ? Can this be defined with comma-separated values like :

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d -dport 22 -m state -state NEW -j ACCEPT
You gotta use the iprange match module for that. Example:
Code:
iptables -A INPUT -p TCP -m iprange --src-range a.b.c.d-w.x.y.z \
--dport 22 -m state -state NEW -j ACCEPT
 
Old 04-21-2009, 08:27 PM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 120Reputation: 120
If you aren't wedded to iptables, you may find it simpler to simple add these IPs to sshd_config. Something like

AllowUsers *@123.456.78.90 *@098.765.43.21 *@192.168.0.*

etc.
Last edited by billymayday; 04-21-2009 at 08:42 PM.
 
Old 04-22-2009, 09:26 AM   #6
R03L
Member
 
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: Fedora core 12, Ubuntu server ed.
Posts: 205

Original Poster
Rep: Reputation: 31
yess
yes and now i need to block / drop every other incoming and outgoing connections,

assuming the inserted ip's will be accepted.
 
Old 04-22-2009, 09:26 AM   #7
R03L
Member
 
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: Fedora core 12, Ubuntu server ed.
Posts: 205

Original Poster
Rep: Reputation: 31
thanks in advanced
 
Old 04-22-2009, 05:00 PM   #8
R03L
Member
 
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: Fedora core 12, Ubuntu server ed.
Posts: 205

Original Poster
Rep: Reputation: 31
and howto restore this atfher reboot, i try iptables-save but afther reboot it's config is gone
Last edited by R03L; 04-22-2009 at 05:32 PM.
 
Old 04-23-2009, 04:15 AM   #9
R03L
Member
 
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: Fedora core 12, Ubuntu server ed.
Posts: 205

Original Poster
Rep: Reputation: 31
it's a debian machine there is no /etc/init.d/iptables
command not found
 
  


Reply

Tags
block, ip, iptables, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh wont accept passwords investmentbnker75 Linux - Server 17 11-01-2008 01:03 PM
Accept outgoing SSH connection G00fy Linux - Security 4 08-25-2008 10:55 AM
Creating threads -Block in accept ! dhara Linux - Networking 1 03-30-2007 12:51 AM
SSH doesn't accept connections basse- Linux - Software 1 05-23-2004 08:33 AM
How to set SSH server to accept V2 connections only? chupacabra Linux - Security 18 01-24-2003 05:57 PM


All times are GMT -5. The time now is 02:58 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration