iptables rules doesn't work as expected..

Shioni · 11-14-2006, 10:51 AM

Hi!
I have a SSH server on our network, but I want to setup iptables, so that it can be accessed only from the network. I used these rules on the server, but now server is not accessable..

Code:

iptables -A INPUT -m iprange --src-range 192.168.1.2-192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset

Any suggestions?! Thank you!

Nathanael · 11-14-2006, 11:11 AM

Code:

iptables -A INPUT -p tcp -s 192.168.1.0/28 -dport 22 -j ACCEPT
iptables -P INPUT DROP

that should do the trick!

Shioni · 11-14-2006, 11:35 AM

Thanks! When I add "iptables -P INPUT DROP" I lost connection to server..

amitsharma_26 · 11-14-2006, 02:15 PM

Quote:

Originally Posted by Shioni

Thanks! When I add "iptables -P INPUT DROP" I lost connection to server..

Look as you were accessing your server via ssh & you ran
iptables -P INPUT DROP
... you(iptables) dropped your own connection as well. You were better creating a script & then typing those commands in them & then finally running that script.

Nathanael · 11-15-2006, 01:37 AM

do you by any chanse know this rule

Code:

iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT

that makes sure that related and already established connections stay open!!

google for iptables tutorial and among the first hits you will find all you need

EDIT:
btw. if you dont add a DROP you are not really firewalling!!!