Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
It would be a good idea if you did some general review of how iptables/netfilter work (with HOWTOs or something) to get a general feel for this and to make sure you have tailored things to your needs, but to block all but one IP address (assuming ssh is listening on port 22), you can
iptables -A INPUT ! -s xx.xx.xx.xx -p tcp --dport 22 -j DROP
or to allow multiple addresses:
iptables -A INPUT -s xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s yy.yy.yy.yy -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s zz.zz.zz.zz -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
If you have other firewall rules to merge with, or if you want to do state tracking and/or logging you might want to do something slightly different.
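As an added example (not from the thread or any poster): a small POSIX shell script that generates the allowlist rule set described above, extended with the connection tracking and logging the last sentence alludes to, and that validates every address before emitting a rule. The chain name SSH_ALLOW, the port argument and the addresses 192.0.2.10 and 198.51.100.0/24 are constructed placeholders.

```shell
#!/bin/sh
# Added example: build an SSH source allowlist for iptables.
# Not from the thread; addresses and chain name are constructed.

# Validate a dotted-quad IPv4 address with an optional /prefix.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# Print the iptables commands for an allowlist on PORT from the given
# sources: established sessions pass, listed sources may open new
# connections, everything else is logged (rate-limited) and dropped.
# Usage: ssh_allowlist_rules PORT SRC [SRC...]
ssh_allowlist_rules() {
    port=$1; shift
    [ $# -gt 0 ] || { echo "ssh_allowlist_rules: no source addresses given" >&2; return 2; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "ssh_allowlist_rules: bad address '$src'" >&2; return 2; }
    done
    echo "iptables -N SSH_ALLOW"
    echo "iptables -A INPUT -p tcp --dport $port -j SSH_ALLOW"
    echo "iptables -A SSH_ALLOW -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -m limit --limit 5/min -j LOG --log-prefix 'ssh-blocked: '"
    echo "iptables -A SSH_ALLOW -j DROP"
}

# Apply the rules (needs root). With DRY_RUN=1 only print them.
ssh_allowlist_apply() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        ssh_allowlist_rules "$@"
    else
        ssh_allowlist_rules "$@" | sh -e
    fi
}

# Stand-alone demo: print the rules for two constructed sources.
if [ "${1:-}" = "--demo" ]; then
    ssh_allowlist_rules 22 192.0.2.10 198.51.100.0/24
fi
```

Two things to check before applying this on a live box: `-A` appends, so an existing INPUT rule that already accepts port 22 earlier in the chain will shadow the new chain entirely, and `-N SSH_ALLOW` fails on a second run because the chain already exists (flush and delete it first, or use a fresh name). Keep the session you are working from open until you have confirmed from a second connection that your own source address still gets in.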
Use /etc/hosts.allow and hosts.deny to specify this at application level, or just use a firewall to block those ports before it gets anywhere near ssh. You've given a slightly confusing explanation there though, as "me" and "nobody" imply a user name, but an IP is obviously unrelated to a username.
Glad it's working for you. Just FYI, for making use of TCP Wrappers for any daemon, the daemon needs to be compiled with the library libwrap.so if not already. Or else /etc/hosts.allow and /etc/hosts.deny won't work. You may check whether the daemon is compiled with libwrap.so.0 using the command ldd.
If you are the only user allowed to log into ssh, another layer of security is to use the "AllowUsers" entry in /etc/ssh/sshd_config. Also disable root logins.
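As an added example covering the three replies above (hosts.allow/hosts.deny, the ldd check for libwrap, and AllowUsers/root login), written for this page and not posted by anyone in the thread: a shell script that reports whether a binary links libwrap and audits an sshd_config the way sshd actually reads it, where keywords are case-insensitive and the first uncommented occurrence wins, so a later "PermitRootLogin no" does not override an earlier "yes". The sample configuration it writes is constructed; the function names are my own.

```shell
#!/bin/sh
# Added example: libwrap linkage check and sshd_config audit.
# Not from the thread; the sample config below is constructed.

# Report whether BIN is dynamically linked against libwrap (TCP Wrappers),
# without which /etc/hosts.allow and /etc/hosts.deny have no effect on it.
# Usage: has_libwrap /usr/sbin/sshd
has_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# Print the effective global value of KEY in FILE: skip comments and
# blank lines, compare keywords case-insensitively, stop at the first
# Match block (its settings are conditional), first occurrence wins.
# Usage: sshd_effective /etc/ssh/sshd_config PermitRootLogin
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Check the two settings from the reply above; returns 1 on any finding.
audit_sshd_config() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    users=$(sshd_effective "$1" AllowUsers)
    case "$root" in
        no) echo "ok: PermitRootLogin no" ;;
        "") echo "warn: PermitRootLogin not set, server default applies"; rc=1 ;;
        *)  echo "fail: PermitRootLogin $root"; rc=1 ;;
    esac
    if [ -n "$users" ]; then
        echo "ok: AllowUsers $users"
    else
        echo "fail: no AllowUsers restriction"; rc=1
    fi
    return $rc
}

# Constructed sample: the first PermitRootLogin wins, so this config
# still allows root logins despite the two later "no" lines.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config sample
Port 22
PermitRootLogin yes
permitrootlogin no
AllowUsers alice
Match User alice
    PermitRootLogin no
EOF
}

# Stand-alone demo on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_config "$tmp"
    audit_sshd_config "$tmp" || echo "audit found problems"
    rm -f "$tmp"
fi
```

For the TCP Wrappers route, the allowlist itself is `sshd: 192.0.2.10` in /etc/hosts.allow with `sshd: ALL` in /etc/hosts.deny (constructed address). Upstream OpenSSH dropped libwrap support years ago (6.7), and some distribution packages carried a patch restoring it for a while, which is exactly why the ldd check above is the reliable way to know whether those files do anything on a given host. Also run `sshd -t` after editing sshd_config and keep your current session open until a new login has succeeded.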