Originally Posted by sathya_css
We have a production environment where iptables is not used. Now management have asked us to enable iptables on all Linux servers (Red Hat 6.3). I'm new to this and I don't know where or how to start with ...
The first place to start would be calling Red Hat support. You're using RHEL 6.3, so you're paying for it, right??? That means you're paying for support and access to their knowledgebase.
Can someone help me by giving an example of how to enable iptables to restrict SSH access to certain VLANs? In other words, I want to give SSH access only to certain VLANs, and everything else should be dropped.
Read the man pages on sshd_config, and check Google for examples of the "AllowUsers" directive. For example, to only allow users from 10.11.12.x access, you would put:
...into your sshd_config file, and restart the daemon. Anyone on 100.101.102.x subnets would be denied, anyone on 10.11.12.* would be allowed. Put the wildcard wherever you'd like to get more coarse filtering.
You CAN do this with iptables as well...again, Google can help you, if you try to look. See example 5:
But szboardstretcher's method is the best way, since doing this at the machine still exposes the machine to unwanted scrutiny, if someone is watching. Blocking it at the switch makes maintenance of the server easier.
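As an added example for the iptables route mentioned in the reply above (this is not code from the thread or from Red Hat's documentation), here is a small POSIX shell script that generates the iptables commands to allow SSH only from a list of VLAN subnets and drop it from everywhere else. The subnets shown are assumed values; the one RHEL 6 detail it relies on is that the stock /etc/sysconfig/iptables ends with a REJECT rule, so new rules must be inserted in front of it with `-I INPUT <n>` rather than appended with `-A`.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that allow
# SSH (tcp/22) only from the given VLAN subnets and drop it from all others.
# Subnets used below are assumptions for illustration.
#
# RHEL 6's default /etc/sysconfig/iptables ends with
# "-j REJECT --reject-with icmp-host-prohibited"; rules appended with -A
# would land after it and never match, so we insert with -I INPUT <n>,
# numbering upward to keep our order.

# valid_cidr ADDR[/BITS]: succeed only for a well-formed IPv4 address or prefix
valid_cidr() {
    case "$1" in
        */*) ip=${1%/*}; bits=${1#*/} ;;
        *)   ip=$1;      bits=32 ;;
    esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac   # prefix length must be numeric
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split the address into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_allow_rules "NET1 NET2 ...": print one iptables command per line.
# Fails and prints nothing to stdout if the list is empty or any entry is
# malformed, so a typo cannot yield a ruleset that locks everyone out or
# lets everyone in.
ssh_allow_rules() {
    subnets=$1
    [ -n "$subnets" ] || { echo "no allowed subnets given" >&2; return 1; }
    for net in $subnets; do
        valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    n=1
    # keep sessions that are already open alive while the rules are loaded
    echo "iptables -I INPUT $n -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT"
    n=$((n+1))
    # new SSH connections are accepted only from the allowed VLAN subnets
    for net in $subnets; do
        echo "iptables -I INPUT $n -p tcp --dport 22 -s $net -m state --state NEW -j ACCEPT"
        n=$((n+1))
    done
    # every other packet aimed at sshd is dropped
    echo "iptables -I INPUT $n -p tcp --dport 22 -j DROP"
}

# Example use with assumed subnets. Review the printed commands first, then
# run them as root and persist with "service iptables save":
#   ssh_allow_rules "10.11.12.0/24 10.11.13.0/24"
#   ssh_allow_rules "10.11.12.0/24 10.11.13.0/24" | sh && service iptables save
```

Run the generator once to read the rules before piping them into a shell, and do it from a console or a session originating inside an allowed subnet; the ESTABLISHED rule keeps the current login alive, but a mistyped subnet list is rejected outright rather than half-applied.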