LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Old 07-24-2013, 01:49 PM   #1
sathya_css
LQ Newbie
Registered: Jun 2013
Location: India
Distribution: Redhat 6
Posts: 21
Iptables


Hi,

We have a production environment where iptables is not used. Now management has asked us to enable iptables on all Linux servers (Red Hat 6.3). I'm new to this and I don't know where or how to start...

Can someone help me by giving an example of how to enable iptables to restrict SSH access to certain VLANs?

In other words, I want to give SSH access only to certain VLANs and all others should be dropped.

VLAN-based policy

Regards,
Sathya.R
Old 07-24-2013, 01:54 PM   #2
szboardstretcher
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,116
Really you'd do this at the switch level.
Old 07-24-2013, 02:18 PM   #3
TB0ne
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,339
Quote:
Originally Posted by sathya_css
Hi,
We have a production environment where iptables is not used. Now management has asked us to enable iptables on all Linux servers (Red Hat 6.3). I'm new to this and I don't know where or how to start...
The first place to start would be calling Red Hat support. You're using RHEL 6.3, so you're paying for it, right??? That means you're paying for support and access to their knowledgebase.
Quote:
can some one help me with giving a example of how to enable iptables to restrict access to certain vlans for ssh access ? In other words, i want to give ssh access only to certain VLAN and all other should be dropped.
Read the man pages on sshd_config, and check Google for examples of the "AllowUsers" directive. For example, to only allow users from 10.11.12.x access, you would put:
Code:
# Any user connecting from a host whose address matches 10.11.12.*
AllowUsers *@10.11.12.*
# Refuse any user connecting from a host whose address matches 100.101.102.*
DenyUsers *@100.101.102.*
...into your sshd_config file, and restart the daemon. Anyone on 100.101.102.x subnets would be denied, anyone on 10.11.12.* would be allowed. Put the wildcard wherever you'd like to get more coarse filtering.
http://linux.die.net/man/5/sshd_config

You CAN do this with iptables as well...again, Google can help you, if you try to look. See example 5:
http://www.thegeekstuff.com/2011/06/...ules-examples/

But szboardstretcher's method is the best way, since doing this at the machine still exposes the machine to unwanted scrutiny, if someone is watching. Blocking it at the switch makes maintenance of the server easier.
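The iptables route that the reply mentions, written out as an added example. This is editor-supplied code, not TB0ne's and not from the linked page: a small POSIX shell script that generates the /etc/sysconfig/iptables file the RHEL 6 "iptables" service loads at boot, accepting new SSH connections only from the listed source subnets and dropping everything else aimed at the port. The port (22) and the subnets 10.11.12.0/24 and 10.20.0.0/16 are placeholders for the real VLAN ranges. The difference from AllowUsers is where the decision is made: sshd evaluates AllowUsers after the TCP connection and key exchange, whereas the packet filter drops the SYN, so a host outside the allowed VLANs never sees a banner.

```shell
#!/bin/sh
# Added example, not from the thread. Builds an iptables-restore ruleset for a
# RHEL 6 host that accepts SSH only from the listed source networks (the
# "allowed VLAN" subnets) and drops every other SSH attempt before sshd sees it.
#
# Assumptions (hypothetical, substitute your own): SSH listens on tcp/22, and
# the demo subnets are 10.11.12.0/24 and 10.20.0.0/16. Only SSH is restricted;
# INPUT stays at ACCEPT for everything else so the change can be rolled out on
# servers that never ran a firewall without breaking other services. Tighten to
# a default DROP once the rest of the traffic has been inventoried.

# valid_cidr a.b.c.d[/n] -> 0 if the address/prefix is well formed, 1 otherwise.
# A typo in the allowed list would lock every admin out, so input is checked.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|.*|*.|*..*|*/*/*) return 1 ;;
        */*) ip=${1%/*}; len=${1#*/} ;;
        *)   ip=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ssh_ruleset PORT NET [NET...] -> prints a ruleset in iptables-save format.
gen_ssh_ruleset() {
    [ $# -ge 2 ] || { echo "usage: gen_ssh_ruleset PORT NET [NET...]" >&2; return 1; }
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "gen_ssh_ruleset: bad network: $net" >&2; return 1; }
    done
    printf '*filter\n'
    printf ':INPUT ACCEPT [0:0]\n'
    printf ':FORWARD ACCEPT [0:0]\n'
    printf ':OUTPUT ACCEPT [0:0]\n'
    # A dedicated chain keeps the SSH policy separate from anything else in INPUT.
    printf ':SSH-ACL - [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    # Packets of already accepted sessions never reach the ACL; this is what
    # keeps the admin's current session alive while the rules are loaded.
    printf -- '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf -- '-A INPUT -p tcp -m tcp --dport %s -m state --state NEW -j SSH-ACL\n' "$port"
    for net in "$@"; do
        printf -- '-A SSH-ACL -s %s -j ACCEPT\n' "$net"
    done
    # Rate-limited log of refused attempts, then DROP (no RST, so a scanner
    # sees a filtered port rather than a closed one).
    printf -- '-A SSH-ACL -m limit --limit 5/min -j LOG --log-prefix "SSH-DENIED: "\n'
    printf -- '-A SSH-ACL -j DROP\n'
    printf 'COMMIT\n'
}

# install_ruleset PORT NET [NET...] -> writes /etc/sysconfig/iptables, loads it
# now and enables the service at boot. Run as root, from the console or from a
# session that will stay open. iptables-restore replaces the whole filter table
# with the contents of the file, so anything loaded by hand before is gone.
install_ruleset() {
    rules=/etc/sysconfig/iptables
    gen_ssh_ruleset "$@" > "$rules.new" || { rm -f "$rules.new"; return 1; }
    iptables-restore < "$rules.new" || { rm -f "$rules.new"; return 1; }
    mv "$rules.new" "$rules"
    chkconfig iptables on
}

# Print the ruleset when invoked with arguments, e.g.
#   sh ssh-acl.sh 22 10.11.12.0/24 10.20.0.0/16
if [ $# -gt 0 ]; then
    gen_ssh_ruleset "$@"
fi
```

Review the printed ruleset before calling install_ruleset, and keep the generator as the source of truth: `service iptables save` on RHEL 6 overwrites /etc/sysconfig/iptables with whatever is currently loaded, so an ad-hoc `iptables -I` followed by a save will silently change the policy. The earlier replies' point still stands: the switch ACL is the preferred layer, and these host rules are defence in depth behind it.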