Allow access to server from only 1 IP address using iptables
I have a server located remotely that I'd like to protect by allowing access to only my IP address (on any port). Currently anyone can access the server using ssh, http, and any other services that my server is running. (The reason I need to protect it for now is that it's a test/development server and really only needs to be accessed by me.)
The downside of doing this is every time my desktop IP address changes (from where I access the remote server), I would need to update the iptables configuration. (This could be a hassle, but based on my limited knowledge it seems to be the best way to allow access from only myself.) Could anyone share how to allow access to my server using iptables from only my IP address and on any port? Also, if there are any pitfalls of doing it this way, I'd appreciate hearing about it too. |
Hello,
Port knocking could be a possible option in this case. As far as your dynamic IP address goes, check out dyndns - http://dyn.com/dns/dyndns-free/ Hope this helps a bit! Cheers, Josh |
I'd make a self-signed certificate and use it to authenticate.
|
Try ssh+auth keys+Match/AllowUsers http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
Restricting the src IP would be a problem if your desktop IP changes before you get to update the server with the new addr ... ;) |
Hi
You can use
    # myIP is a placeholder for your own address.
    # DROP_LOG is not a built-in target; it must already exist as a user-defined chain.
    iptables -A INPUT -i eth0 -p tcp --dport 22 -s myIP -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 80 -s myIP -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP_LOG
    iptables -A INPUT -i eth0 -p tcp --dport 80 -j DROP_LOG
Or you can use /etc/hosts.deny; add the line
    ALL:ALL EXCEPT myIP
generics array |
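The rules in the post above cover ports 22 and 80 only. For the "any port" case the question asks about, here is an added example (not code from any poster in this thread) that generates an iptables-restore ruleset admitting a single source address. The function names are hypothetical and 203.0.113.7 is a constructed documentation address.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that admits one source
# IPv4 address on every port. Nothing is loaded; the output is for review.
# iptables filters IPv4 only; IPv6 needs matching ip6tables rules.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_ruleset ADDR: print the ruleset, or fail with no rules printed.
build_ruleset() {
    admin_ip=$1
    if ! valid_ipv4 "$admin_ip"; then
        echo "invalid IPv4 address: $admin_ip" >&2
        return 1
    fi
    # Policy DROP on INPUT refuses everything not matched below. Loopback and
    # replies to the server's own outbound traffic (DNS, updates) stay
    # allowed. FORWARD DROP assumes the server does not route for others.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $admin_ip/32 -j ACCEPT
COMMIT
EOF
}

# Run only when an address is given, e.g.: sh allow-one-ip.sh 203.0.113.7
[ "$#" -eq 0 ] || build_ruleset "$1"
```

Review the printed rules, then load them as root with `iptables-restore`. When working over a remote session, `iptables-apply` (where the distribution ships it) reverts the change if it is not confirmed, which covers the lockout case raised earlier in the thread.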