LinuxQuestions.org
Old 12-15-2005, 09:33 AM   #1
Harlin
Member
 
Registered: Dec 2004
Location: Atlanta, GA U.S.
Distribution: I play with them all :-)
Posts: 316

Rep: Reputation: 30
Stopping outbound SSH with IPTables


I would like to stop outbound ssh (port 22) using IPTables. Does anyone know what I would need to type with IPTables to get this to work?
 
Old 12-16-2005, 03:34 AM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
Code:
# iptables -A OUTPUT -i eth0 -p tcp --dport 22 -j DROP
Lotsa docs here:
http://www.netfilter.org/documentation/index.html
 
Old 12-16-2005, 08:35 AM   #3
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 374

Rep: Reputation: 55
Quote:
Originally Posted by Harlin
I would like to stop outbound ssh (port 22) using IPTables. Does anyone know what I would need to type with IPTables to get this to work?
Have you read the iptables manpage (man iptables) and/or http://iptables-tutorial.frozentux.net?
The match you want is the simplest that exists.
Also, did you search the forums here?

Anyway,
You want to drop outbound traffic, so the chain you want is "OUTPUT".
You want to drop SSH traffic, so the protocol is "tcp" and the port is "22".

You build the rule like this:

Code:
iptables -A OUTPUT -p tcp --dport 22 -j DROP
You can add the interface with "-i" like bulliver mentioned. Without it, the rule is more generic.
You can also add "--syn" to match only SYN packets (the ones that start the connection).
 
Old 12-16-2005, 01:05 PM   #4
Harlin
Member
 
Registered: Dec 2004
Location: Atlanta, GA U.S.
Distribution: I play with them all :-)
Posts: 316

Original Poster
Rep: Reputation: 30
Thanks for the help and the links!
 
Old 12-18-2005, 12:21 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by bulliver
Code:
# iptables -A OUTPUT -i eth0 -p tcp --dport 22 -j DROP
that "-i" should really be a "-o"...

BTW Harlin, being that this is on the local machine, I think it might be nicer to use the REJECT target instead of DROP... also, you could specify a match for NEW packets, so that if TCP port 22 needs to be used as part of a RELATED connection for another protocol it won't be affected...

Code:
iptables -A OUTPUT -p TCP -o eth0 --dport 22 \
-m state --state NEW -j REJECT

Last edited by win32sux; 12-18-2005 at 12:23 PM.
 
Old 12-18-2005, 02:14 PM   #6
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
Quote:
that "-i" should really be a "-o"...
Good catch...
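The rule as it stands at the end of the thread, with the corrections from posts #3 and #5 folded in (-o rather than -i on OUTPUT, NEW-only match, REJECT instead of DROP), as an added example that is not any poster's code. It assumes eth0 as the outbound interface, uses a hypothetical IPT variable so the rules can be listed or pointed at a stub without running iptables as root, and puts a rate-limited LOG rule in front of the REJECT so blocked attempts are visible in the kernel log.

```shell
#!/bin/sh
# Added example, not from the thread. IPT and IFACE are assumed overrides:
# IPT defaults to the real iptables binary, IFACE to the interface bulliver used.
IPT="${IPT:-iptables}"
IFACE="${IFACE:-eth0}"

# Print one rule specification per line: chain, matches and target, without
# the -A/-C/-D verb so the same spec can be checked, appended or deleted.
ssh_block_rules() {
    # Log each new outbound SSH attempt (rate limited so a scan cannot flood
    # the log); SSH-OUT-BLOCK: is a constructed prefix for grepping dmesg.
    printf '%s\n' "OUTPUT -o $IFACE -p tcp --dport 22 -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix SSH-OUT-BLOCK:"
    # REJECT with a TCP RST so a local client fails at once instead of timing out;
    # only NEW connections match, so RELATED use of port 22 is left alone.
    printf '%s\n' "OUTPUT -o $IFACE -p tcp --dport 22 -m state --state NEW -j REJECT --reject-with tcp-reset"
}

# Install the rules idempotently: -C succeeds if the rule already exists,
# otherwise -A appends it, so re-running the script never duplicates rules.
apply_ssh_block() {
    ssh_block_rules | while IFS= read -r rule; do
        if ! eval "$IPT -C $rule" 2>/dev/null; then
            eval "$IPT -A $rule"
        fi
    done
}

# Remove the rules again (-D deletes the first rule matching the spec).
remove_ssh_block() {
    ssh_block_rules | while IFS= read -r rule; do
        eval "$IPT -D $rule" 2>/dev/null || true
    done
}
```

Run `IPT=echo sh script.sh` style dry runs by exporting IPT to a stub before calling apply_ssh_block; with the real binary it needs root.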
 