Not sure if it belongs here or in general (or maybe even in security). I'm using sshd for connectivity to my server (172.31.212.37). It's set up for key authentication.
Before running my iptables script (see below):
When I connect from one of the trusted machines (see below) and I enter my username, I'm immediately prompted for my passphrase.
After running the script, this passphrase prompt takes between 15 and 20 seconds to appear.
IPTABLES script
Code:
#!/bin/sh
# initial block
iptables -P INPUT DROP
iptables -P FORWARD DROP
# accept anything on localhost
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow HTTPS from any machine on 172.*.*.*
iptables -A INPUT -s 172.0.0.0/8 -p tcp --dport 443 -j ACCEPT
# allow SSH from trusted machines
iptables -A INPUT -s 172.31.212.19 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 172.31.212.53 -p tcp --dport 22 -j ACCEPT
Any explanation?
FYI
Code:
root@btd-techweb01:/# iptables -nvL
Chain INPUT (policy DROP 335 packets, 68806 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       127.0.0.1            127.0.0.1
    0     0 ACCEPT     tcp  --  *      *       172.0.0.0/8          0.0.0.0/0            tcp dpt:443
20353 1603K ACCEPT     tcp  --  *      *       172.31.212.19        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       172.31.212.53        0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 16681 packets, 4901K bytes)
 pkts bytes target     prot opt in     out     source               destination
PS: I'm completely new to iptables.
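Added illustration, not part of the poster's question or script: a 15 to 20 second pause before the passphrase prompt is the classic symptom of an INPUT chain with a DROP policy and no rule that lets return traffic back in. sshd looks up the connecting client's name in DNS, the query leaves through the (ACCEPT) OUTPUT chain, the UDP answer arrives on INPUT, matches none of the four ACCEPT rules and is dropped, and the prompt only appears once the resolver gives up. The 335 packets counted against the INPUT policy line are consistent with that reading, which is the editor's, not something the post states. The script below emits a ruleset that keeps the posted policy but adds a conntrack rule for established and related traffic, and includes a small check that flags a saved ruleset lacking it. `POSTED_RULES` is a hand-constructed iptables-save rendering of the script in the post, and the trusted addresses are reused from it.

```shell
#!/bin/sh
# Added example (not the poster's script). Nothing here is applied to the
# kernel; build_rules only prints a ruleset in iptables-restore format.

# Trusted SSH sources, reused from the post.
SSH_HOSTS="172.31.212.19 172.31.212.53"

# Constructed iptables-save rendering of the posted script, with the
# packet/byte counters from the posted `iptables -nvL` output.
POSTED_RULES='*filter
:INPUT DROP [335:68806]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [16681:4901000]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -s 172.0.0.0/8 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 172.31.212.19/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 172.31.212.53/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Print the corrected ruleset. To activate it on the server, pipe the
# output into `iptables-restore` (as root).
build_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback: match the interface rather than a 127.0.0.1 src/dst pair,
    # so local traffic to the host's other addresses is covered too.
    echo '-A INPUT -i lo -j ACCEPT'
    # Return traffic for connections the server itself opened (DNS
    # answers, package mirrors, ...). Without this line, a DROP policy
    # silently discards those replies and every lookup runs to timeout.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # HTTPS from the 172/8 range, unchanged from the post.
    echo '-A INPUT -s 172.0.0.0/8 -p tcp --dport 443 -j ACCEPT'
    # SSH only from the trusted hosts, unchanged from the post.
    for h in $SSH_HOSTS; do
        echo "-A INPUT -s $h -p tcp --dport 22 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Read a saved ruleset (iptables-save format) on stdin.
# Returns 0 when INPUT has a DROP policy and a rule accepting ESTABLISHED
# traffic, 1 when that rule is missing (the situation in the post), and
# 2 when the INPUT policy is not DROP (no symptom to diagnose).
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 2
    printf '%s\n' "$rules" | grep -q -- '-A INPUT .*ESTABLISHED' || return 1
    return 0
}

# Demo: report on the constructed copy of the posted ruleset.
if printf '%s\n' "$POSTED_RULES" | check_rules; then
    echo "INPUT accepts return traffic; look elsewhere for the delay"
else
    echo "INPUT drops return traffic (no ESTABLISHED rule), as in the post"
fi
```

To confirm the diagnosis on the real box before changing anything, run `ssh -v` from a trusted machine and note where the client stalls, and watch `iptables -nvL` to see the INPUT policy counter climb by a packet or two during each login attempt; both observations go away once the conntrack rule is in place.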