SSH blocking
My server doesn't use SSH and I keep getting hack attempts coming in according to my auth_log. I found this on the web whereby you are supposed to be able to block all SSH connections except those needed (my SSL connection to the server, etc):
iptables -A INPUT -p tcp -s ???.???.???.??? -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d ???.???.???.??? --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
I come into my server through three possible IPs and was wondering if just tripling up on the above INPUT and OUTPUT lines for each of my three IPs would work to get me in from all three.
|