On Wed, 2002-08-21 at 23:10, Larry Sanders wrote:
> Following this is the iptables rules that I have been using.
> Notice the wonderful credit given to Derek for his help.
> I like the fact that any traffic from the outside is dropped.
> I have a need to allow ssh traffic in for file transfer.
> Joe suggested that I use port 222 and RSA keys for
> authentication to login.
> What additions to this file will be needed to allow this
> traffic on port 222?
> Thanks in Advance
> Larry :-)
I apologize for yet another revision on my first 2 posts, but I realized
I may have made an incorrect assumption in the iptables rules I sent. If
you are trying to ssh (on port 222) directly into your firewall box from
the outside world, all you need is the following rules:
# Accept connections from the outside world to the external interface on port 222 -- tcp and udp
# (OpenSSH itself only listens on TCP, so the udp rule is not strictly needed)
/sbin/iptables -A INPUT -i eth1 -s 0/0 -p tcp --dport 222 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -s 0/0 -p udp --dport 222 -j ACCEPT
# Log and drop packets for any other destination port not specified above
/sbin/iptables -A INPUT -i eth1 -s 0/0 -j LOG --log-prefix "EXT-SSH DROP: "
/sbin/iptables -A INPUT -i eth1 -s 0/0 -j DROP
-- Matt Miller Systems Administrator MP TotalCare gpg public key id: 08BC7B06
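The LOG rule above only pays off if someone reads the kernel log it produces. As an added example (not from the original thread), here is a small Python parser for lines carrying the post's "EXT-SSH DROP: " prefix that counts dropped packets per source and flags sources probing several ports; the log lines are constructed samples in the shape the iptables LOG target emits, using documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample kernel-log lines (not real traffic) in the format the
# iptables LOG target writes for the "EXT-SSH DROP: " prefix used in the post.
SAMPLE_LOG = """\
Aug 21 23:12:01 fw kernel: EXT-SSH DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 23:12:02 fw kernel: EXT-SSH DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 23:12:03 fw kernel: EXT-SSH DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1003 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 23:12:09 fw kernel: EXT-SSH DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=203.0.113.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2001 PROTO=UDP SPT=5353 DPT=5353 LEN=20
Aug 21 23:12:10 fw kernel: unrelated message that must be ignored
"""

LINE_RE = re.compile(r"EXT-SSH DROP: (?P<fields>.*)$")


def parse_drop_line(line):
    """Return the KEY=VALUE fields of one LOG line as a dict, or None when the
    line does not carry the post's log prefix. Flag tokens such as DF or SYN
    have no '=' and are skipped."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
    return fields


def summarize_drops(log_text, scan_threshold=3):
    """Count dropped packets per source address and list the sources that hit
    at least scan_threshold distinct (protocol, destination port) pairs, a
    simple indicator of port scanning against the external interface."""
    per_src = Counter()
    targets_by_src = {}
    for line in log_text.splitlines():
        fields = parse_drop_line(line)
        if fields is None or "SRC" not in fields:
            continue
        src = fields["SRC"]
        per_src[src] += 1
        targets_by_src.setdefault(src, set()).add((fields.get("PROTO"), fields.get("DPT")))
    scanners = sorted(s for s, t in targets_by_src.items() if len(t) >= scan_threshold)
    return per_src, scanners


if __name__ == "__main__":
    counts, suspects = summarize_drops(SAMPLE_LOG)
    for src, n in counts.most_common():
        print(f"{src}: {n} dropped packet(s){' [scan?]' if src in suspects else ''}")
```

On a real firewall you would feed it the relevant lines from the syslog file where kernel messages land (often /var/log/messages on systems of that era).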
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:48:37 EDT