iptable

testy8888 · 08-08-2020, 03:27 AM

Hi,
I like to see if i undersood well.

iptables -L
Chain OUTPUT (policy ACCEPT)
ACCEPT all -- anywhere 10.129.0.0/16 owner GID match testy

user y has uid=101(y) gid=101(testy) and user y5 has uid=(104) gid=104(y4)

in this case only user y can login by ssh in this server.right?

Turbocapitalist · 08-08-2020, 03:43 AM

The output from iptables-save would be more useful to read. Also, if you are just starting with the packet filter, you might focus on nftables instead, it is the direction that the kernel has moved. iptables is considered deprecated.

However, if you want to restrict incoming SSH logins, do that via the SSH daemon's configuration file. See "man sshd_config" and look at the AllowGroups and DenyGroups configuration directives. Both iptables, and even nftables would be the wrong tool for that.

testy8888 · 08-08-2020, 07:40 AM

i only need to see if that rule allow user y to open session on ssh protocol,it can be ssh,scp,sftp session.
and if user y5 can not open ssh session. or what this rule does.

agillator · 08-08-2020, 08:56 AM

Have you checked the man page for iptables? You have defined acceptable ips and uid/gids but have said nothing to the firewall about ports. Therefore it will not worry about ports, ssh or any other port. You might also do better using the command

Code:

 sudo iptables -L -v- n

which will give you a bit more information.