LinuxQuestions.org


R03L 04-21-2009 04:58 AM

how do i get full ssh block accept my ip addresses

the topic says it all,

how do i block full access on SSH accept a couple of ip addresses and save this on IPTables for restoring after reboot.??

please help me with this one thanks.

acid_kewpie 04-21-2009 06:08 AM

Your title does not say it all. I'm sure it's a simple language issue, but you mean except, not accept, and within iptables they mean very different things. And you've not said what distro you're using or firewall management tool to know how to best achieve this.

Basically within iptables you would probably just want to add something like

iptables -A INPUT -p tcp -s a.b.c.d --dport 22 -m state --state NEW -j ACCEPT

Assuming that the rest of your firewall handles established connections generically and such.

jonaskellens 04-21-2009 06:35 AM

Quote:

Originally Posted by acid_kewpie (Post 3516036)

iptables -A INPUT -p tcp -s a.b.c.d --dport 22 -m state --state NEW -j ACCEPT

How about a range of IP addresses? Can this be defined with comma-separated values like:

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d --dport 22 -m state --state NEW -j ACCEPT

win32sux 04-21-2009 07:19 PM

Quote:

Originally Posted by jonaskellens (Post 3516060)
How about a range of IP addresses? Can this be defined with comma-separated values like:

iptables -A INPUT -p tcp -s a.b.c.d, a.b.c.d, a.b.c.d --dport 22 -m state --state NEW -j ACCEPT

You gotta use the iprange match module for that. Example:
Code:

iptables -A INPUT -p TCP -m iprange --src-range a.b.c.d-w.x.y.z \
--dport 22 -m state --state NEW -j ACCEPT


billymayday 04-21-2009 07:27 PM

If you aren't wedded to iptables, you may find it simpler to simply add these IPs to sshd_config. Something like

AllowUsers *@123.456.78.90 *@098.765.43.21 *@192.168.0.*

etc.

R03L 04-22-2009 08:26 AM

yess
 
yes and now i need to block / drop every other incoming and outgoing connections,

assuming the inserted ip's will be accepted.

R03L 04-22-2009 08:26 AM

thanks in advance

R03L 04-22-2009 04:00 PM

and how to restore this after reboot, i try iptables-save but after reboot its config is gone

R03L 04-23-2009 03:15 AM

it's a debian machine there is no /etc/init.d/iptables
command not found
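
Added example, not part of any post in this thread: a shell function that writes the rules discussed above (one source with `-s`, a range with the iprange match) as an iptables-save style ruleset, followed by a drop of all other SSH traffic. The function name and sample addresses are made up for illustration; it assumes IPv4 and port 22.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Each argument is one source: an address, a CIDR block, or "first-last".
# Prints a complete filter table; nothing is applied to the running firewall.
ssh_allowlist_rules() {
    port=22   # assumed SSH port

    # Validate everything first so a typo never yields a partial ruleset.
    # A comma list with spaces, as asked about above, is rejected here.
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9./-]*)
                echo "ssh_allowlist_rules: bad source: '$src'" >&2
                return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Established traffic, which the first answer assumes is handled elsewhere.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

    for src in "$@"; do
        case "$src" in
            *-*)  # range: needs the iprange match module
                echo "-A INPUT -p tcp -m iprange --src-range $src -m tcp --dport $port -m state --state NEW -j ACCEPT" ;;
            *)    # single address or CIDR block
                echo "-A INPUT -s $src -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT" ;;
        esac
    done

    # Everything else aimed at the SSH port is dropped.
    echo "-A INPUT -p tcp -m tcp --dport $port -j DROP"
    echo 'COMMIT'
}

# Constructed sample call (documentation addresses):
#   ssh_allowlist_rules 192.0.2.10 198.51.100.0/24 203.0.113.5-203.0.113.20
```

The output can be checked with `iptables-restore --test` and loaded with `iptables-restore`, which replaces the current filter table unless `--noflush` is given. Keep an existing SSH session open while testing so a mistake in the list does not lock you out.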


All times are GMT -5.