Hello,

I currently have full c class on my server (/24). And i want to ssh to be allowed only from one ip. The rest of ips should be droped. I configured sshd_config file to listen only one ip but some attacker still can flood port 22 of other ips. So what should add my iptables rules?

Thanks for replies.

If I'm understanding you correctly ...you want to allow incomming connections to this box from only one ip, correct? if so....
Replace xxx's with the ip you wish to allow...
Be advised this isn't a "complete" firewall, but just 2 rules to do what you want

thank i'm using apf. i'll add following lines to bt.rules. usally i'm getting udp and syn floods. I just want to block them. When some one floods ipconntract table goes full and it consumes all cpu resources.

If you're getting flooded with bogus syn requests you need to enable tcp_syncookies 'echo 1 >> /proc/sys/net/ipv4/tcp_syncookies'

I didn't realize you were a target of a coordinated attack from your first post, but simply restricting the port in which ssh listens on isn't going to help against a syn or ddos attack against your box .....

You may need to talk to your upstream provider about dropping the rogue packets at their border as just about anything you do (system level) is going to eat into your cpu resources...

I'm not familiar with apf, but search around here, there are plenty of iptables examples (I've posted at least one myself somewhere)that will get you at least a rudimentary understanding. You really should set the default input policy to DROP (don't use reject, as you're system will still have to work overtime to respond to the packets in this case) then explicitly allow connections you need.