I am using Fedora 6 for my web server. I frequently use PuTTY to connect to my server via ssh from home. My server also receives thousands of failed attempts from others to connect per week. I guess I have a good password or something, but there is no need to allow this to continue.
So my question: Is there a way to drop all attempts on port 22 except those from my IP address range? All my home computers use DHCP, but always have an address beginning with 138.190.208.something. So I would like to only allow a corresponding range of IP addresses, and drop the rest. I do need to keep accepting all connections to port 80, of course.
This is what my iptables list looks like now:
Quote:
Chain INPUT (policy ACCEPT)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
ACCEPT     tcp  --  anywhere    server.mydomain.com    tcp spt:ssh
ACCEPT     tcp  --  anywhere    server.mydomain.com    tcp spt:http
REJECT     all  --  anywhere    anywhere               reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source      destination
REJECT     all  --  anywhere    anywhere               reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere
Suggestions? Thanks.
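
One way to express the rule set asked for above, as an added example that is not part of the original post: a shell function that prints an iptables-restore rule set accepting port 22 only from a given source range while port 80 stays open to everyone. The function name `ssh_allowlist_rules`, the `138.190.208.0/24` notation for "138.190.208.something", and the loopback and ESTABLISHED,RELATED rules are assumptions; it matches the destination port (`--dport`), whereas the listing above shows `spt` (source port).

```shell
#!/bin/sh
# Added example (not from the original post).
# Prints a filter table in iptables-restore format:
#   - port 22 accepted only from the CIDR given as $1, dropped otherwise
#   - port 80 accepted from anywhere
#   - everything else rejected, as in the listing in the post

ssh_allowlist_rules() {
    ssh_cidr="$1"
    # Rough shape check only (digits, dots, exactly one slash), so that a
    # hostname or a typo is refused instead of ending up in a rule.
    case "$ssh_cidr" in
        *[!0-9./]*|""|*/*/*) echo "bad CIDR: $ssh_cidr" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "expected a.b.c.d/prefix, got: $ssh_cidr" >&2; return 1 ;;
    esac
    # Order matters: the allow rule for the home range must come before the
    # drop rule for port 22, because the first matching rule wins.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $ssh_cidr --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
```

Run as root, `ssh_allowlist_rules 138.190.208.0/24 | iptables-restore` replaces the whole filter table in one step. Keep the current SSH session open until a fresh login from home has been confirmed.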